Page 2 Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Page 3 REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable...
Page 4 Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license. Copyright © 2010, Juniper Networks, Inc.
Page 5 (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA http://www.gnu.org/licenses/gpl.html...
Page 27: About This Guide
Requesting Technical Support on page xxx Objectives Juniper Networks Network and Security Manager (NSM) is a software application that centralizes control and management of your Juniper Networks devices. With NSM, Juniper Networks delivers integrated, policy-based security and network management for all devices.
Page 28: Table 1: Notice Icons
The product supports two levels of access, user and privileged. Identifies variables clusterID, ipAddress. The angle bracket (>) Indicates navigation paths through the UI Object Manager > User Objects > Local by clicking menu options and links. Objects xxviii Copyright © 2010, Juniper Networks, Inc.
Page 29: Documentation
VPN administrators, and network security operation center administrators. Network and Security Provides details about configuring the device features for all Manager Configuring supported ScreenOS and IDP platforms. ScreenOS and IDP Devices Guide Copyright © 2010, Juniper Networks, Inc. xxix...
Page 30: Requesting Technical Support
MX-series platforms. Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.
Page 31: Self-Help Online Tools And Resources
About This Guide Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: http://www.juniper.net/customers/support/ Search for known bugs: http://www2.juniper.net/kb/...
Page 33: Getting Started
PART 1 Getting Started Getting Started with NSM on page 3 Understanding the JUNOS CLI and NSM on page 5 Before You Begin Adding M-series and MX-series Devices on page 15 Copyright © 2010, Juniper Networks, Inc.
Page 35: Getting Started With Nsm
Introduction to Network and Security Manager Juniper Networks Network and Security Manager (NSM) gives you complete control over your network. Using NSM, you can configure all your Juniper Networks devices from one location, at one time. NSM works with networks of all sizes and complexity. You can add a single device, or create device templates to help you deploy multiple devices.
Page 36: Role-Based Administration
“Configuring Role-Based Administration” in the Network and Security Manager Administration Guide. Related Topics Introduction to Network and Security Manager on page 3 Installing NSM on page 3 NSM and Device Management Overview on page 5 Copyright © 2010, Juniper Networks, Inc.
Page 37: Understanding The Junos Cli And Nsm
Communication Between a Device and NSM on page 13 NSM and Device Management Overview NSM is the Juniper Networks network management tool that allows distributed administration of network appliances like the M-series and MX-series routers. You can use the NSM application to centralize status monitoring, logging, and reporting, and to administer device configurations.
Page 38: Understanding The Cli And Nsm
Enter key. For more information on the CLI, see the JUNOS CLI User Guide. Network and Security Manager (NSM) is a software application that centralizes control and management of your Juniper Networks devices. NSM is a three-tier management system made up of the following:...
Page 39: Comparing The Cli To The Nsm Ui
The following sample output shows the protocols configuration of an M-series device: [edit] user@host# show protocols mpls { interface ge-1/3/3.0; interface fe-0/1/2.0; interface fe-0/1/1.0; ospf { traffic-engineering; area 0.0.0.1 { interface lo0.0 { passive; interface ge-1/3/3.0; interface fe-0/1/2.0; interface fe-0/1/1.0; Copyright © 2010, Juniper Networks, Inc.
Page 40: Figure 1: Overview Of The User Interface
Figure 1 on page 8 shows the NSM UI with the Configure navigation tree expanded and the main display area containing the services available from the Configure panel. Different services display when you select the Investigate or Administer panels. Figure 1: Overview of the User Interface Copyright © 2010, Juniper Networks, Inc.
Page 41 NSM Services Supported for M-series and MX-series Devices on page 10 How NSM Works with the CLI and Distributed Data Collection on page 11 Device Schemas on page 12 Communication Between a Device and NSM on page 13 Copyright © 2010, Juniper Networks, Inc.
Page 42: Nsm Services Supported For M-Series And Mx-Series Devices
IP addresses to be found by device discovery rules. Topology management—Provides discovery and management of the physical topology of a network of devices connected to a Juniper Networks EX-series switch. These include networking devices such as the J-series, M-series, MX-series and EX-series as well as ScreenOS and Intrusion Detection and Prevention (IDP) devices, IP phones, desktops, printers, and servers.
Page 43: How Nsm Works With The Cli And Distributed Data Collection
DM. The ADM contains configuration data for all objects in a specific domain. When you use the UI to interface with your managed devices, the ADM and DMs work together. Copyright © 2010, Juniper Networks, Inc.
Page 44: Device Schemas
The DM schema reads from a capability file, which lists the fields and attributes that a specific operating system version supports, to determine the supported features for the operating system version Copyright © 2010, Juniper Networks, Inc.
Page 45: Communication Between A Device And Nsm
NSM. The M-series and MX-series device families are described by schemas that are maintained on a schema repository owned by Juniper Networks. These schemas can be added dynamically to NSM. Related Topics...
Page 47: Before You Begin Adding M-Series And Mx-Series Devices
Juniper Networks M120 Internet router JUNOS Release 9.3 Juniper Networks M320 Internet router JUNOS Release 9.3 Juniper Networks MX240 Internet Services router JUNOS Release 9.3 Juniper Networks MX480 Internet Services router JUNOS Release 9.3 Juniper Networks MX960 Internet Services router JUNOS Release 9.3...
Page 48: Considering The Device Status
A deployed device is a device you are currently using in your network. Before you can add a deployed device to NSM, you must configure the following parameters on the device, regardless of the static or dynamic nature of the IP address: Copyright © 2010, Juniper Networks, Inc.
Page 49: The Device
If the address is outside your subnet, add a static route. fxp0 Check Connectivity to the NSM Server Purpose Establish that the M-series or MX-series device has a connection to the NSM server. Copyright © 2010, Juniper Networks, Inc.
Page 50: Configure A Static Route To The Nsm Server
Verify the connection to the NSM server: user@host# run ping destination Sample Output user@host> edit Entering configuration mode [edit] user@host# edit routing-options [edit routing-options] user@host# set static route 192.193.60.181/32 next-hop 192.193.76.254 [edit routing-options] user@host# set static route 192.193.60.181/32 retain Copyright © 2010, Juniper Networks, Inc.
Page 51: Establish A Telnet Or An Sshv2, And A Netconf Protocol Over Ssh Connection To The Nsm Server
[edit system services] At the [ ] hierarchy level, enter the following commands: edit system services user@host# set ftp user@host# set ssh protocol-version v2 user@host# set telnet user@host# set netconf ssh Verify the configuration: user@host# show Copyright © 2010, Juniper Networks, Inc.
Page 52 [edit system services] user@host# set telnet [edit system services] user@host# set netconf ssh [edit system services] user@host# show ftp; ssh { protocol-version v2; telnet; netconf { ssh; [edit system services] user@host# commit commit complete Copyright © 2010, Juniper Networks, Inc.
Page 53: Integrating M-Series And Mx-Series Devices
PART 2 Integrating M-series and MX-series Devices Adding M-series and MX-series Devices Overview on page 23 Updating M-series and MX-series Devices Overview on page 29 Copyright © 2010, Juniper Networks, Inc.
Page 55: Adding M-Series And Mx-Series Devices Overview
Import deployed devices—Deployed devices are the devices you are currently using in your existing network. These devices have already been configured with a static or dynamic IP address and other basic information. For deployed devices, you can import the existing device configuration information into NSM. Copyright © 2010, Juniper Networks, Inc.
Page 56: Supported Add Device Workflows For M-Series And Mx-Series Devices
An M-series or MX-series device can be added using the following methods or workflows: Import device with static IP address Import device with dynamic IP address Model and activate device Rapid deployment (configlets) Device discovery Copyright © 2010, Juniper Networks, Inc.
Page 57: Importing Devices Overview
A physical connection to your network with access to network resources Connectivity to the NSM Device Server, which can be with a static IP address A Telnet or an SSHv2, and a NETCONF protocol over SSH connection Copyright © 2010, Juniper Networks, Inc.
Page 58: Modeling Devices Overview
NSM, and then install that device configuration on the physical device. Adding a single undeployed device to NSM is a four-stage process: Model the device in the UI. Create the device object configuration. Activate the device. Update the device configuration. Copyright © 2010, Juniper Networks, Inc.
Page 59: Only)
(such as all the devices in sales offices throughout western Europe). Use the groups to: Deploy new or updated device configurations to the entire device group. Deploy new or updated policies to the entire device group. Copyright © 2010, Juniper Networks, Inc.
Page 60 Supported Add Device Workflows for M-series and MX-series Devices on page 24 Importing Devices Overview on page 25 Modeling Devices Overview on page 26 Adding Multiple Devices Using Automatic Discovery (JUNOS Software Devices Only) on page 27 Copyright © 2010, Juniper Networks, Inc.
Page 61: Updating M-Series And Mx-Series Devices Overview
From the Device Manager launchpad, select Update Device. The launchpad displays the Update Device(s) dialog box. All connected and managed devices appear in the device list. Modeled devices and devices awaiting import for the first time do not appear. Copyright © 2010, Juniper Networks, Inc.
Page 62: How The Update Process Works
For example, malicious traffic might have entered your network, requiring you to update the device to detect and prevent that attack. Copyright © 2010, Juniper Networks, Inc.
Page 63: Job Manager
NSM creates a job for that command and displays information about that job in the Job Manager module. Job Manager tracks the progress of the command as it travels to the device and back to the management system. Each job contains: Copyright © 2010, Juniper Networks, Inc.
Page 64: Tracking Updated Devices Using Job Manager
Job Type (Directive) List—Displays the job type (directives) and associated timestamp completion status information. All current and completed jobs appear, including device updates. However, if you have not yet performed an update using NSM, the Job List does not display an Update Configuration directive. Copyright © 2010, Juniper Networks, Inc.
Page 65: Reviewing Job Information Displayed In Job Manager
To view the job status for an individual device (including error messages and percent complete), select the device in the Percent Complete pane; the status appears in the Output pane. The job information includes: Copyright © 2010, Juniper Networks, Inc.
Page 66: Device States Displayed In Job Manager During Update
During an update, the managed device changes device state. You can view the current device state in real time in the State Description field of the Job Information dialog box. Table 6 on page 35 lists the states that a device can have. Copyright © 2010, Juniper Networks, Inc.
Page 67: Understanding Updating Errors Displayed In The Job Manager
Figure 4 on page 36 shows that on December 4 a configuration update to an MX960 failed. The super user was locked out by the root user as indicated in the text of the error Copyright © 2010, Juniper Networks, Inc.
Page 68: Figure 4: Failed Update Job Information Dialog Box
(PID). After the root user is locked out, you can try to update the configuration again. NSM should lock the configuration and continue successfully. Copyright © 2010, Juniper Networks, Inc.
Page 69 Job Manager on page 31 Tracking Updated Devices Using Job Manager on page 32 Reviewing Job Information Displayed in Job Manager on page 33 Device States Displayed in Job Manager During Update on page 34 Copyright © 2010, Juniper Networks, Inc.
Page 71: Configuring M-Series And Mx-Series Devices
Configuring Multicast Snooping Options on page 237 Configuring Policy Options on page 241 Configuring Protocols on page 251 Configuring Routing Options on page 361 Configuring Security on page 389 Configuring Services on page 391 Configuring SNMP on page 463 Copyright © 2010, Juniper Networks, Inc.
Page 73: Configuring M-Series And Mx-Series Devices Overview
JUNOS VPNs Configuration Guide for policy options parameters. JUNOS Class of Service Configuration Guide for class of service parameters. JUNOS Software with Enhanced Services Security Configuration Guide for security parameters. JUNOS Services Interface Configuration Guide for service parameters. Copyright © 2010, Juniper Networks, Inc.
Page 74: M-Series And Mx-Series Device Configuration Settings Supported In Nsm
NSM. Table 7: The JUNOS Configuration Hierarchy and the NSM Configuration Tree Available in the NSM Hierarchy Level Configuration Tree edit access edit accounting-options edit applications edit bridge domains edit chassis edit class-of-service Copyright © 2010, Juniper Networks, Inc.
Page 75: Configuring M-Series And Mx-Series Devices
Yes. edit routing-instances] edit routing-options edit schedulers edit security edit services edit snmp edit switch-options edit system edit virtual-chassis edit vlans Copyright © 2010, Juniper Networks, Inc.
Page 76: Configuring Device Features
Make your changes to the device configuration, then choose one of the following: Click OK to save your changes and close the device configuration. Click Apply to save your changes and continue making changes. Copyright © 2010, Juniper Networks, Inc.
Page 77: Example: Configuration Of Interfaces For Mpls In The Cli And Nsm
MPLS, similar to the CLI hierarchy levels. Within MPLS, Interface is highlighted, indicating that the information on the right relates to interfaces within MPLS. The information in the NSM UI example is similar to the information in the CLI example though the presentation is somewhat different. Copyright © 2010, Juniper Networks, Inc.
Page 78: Figure 6: Mpls Configuration In Nsm
M-series and MX-series devices. Related Topics About Device Configuration on page 41 M-series and MX-series Device Configuration Settings Supported in NSM on page 42 Configuring Device Features on page 44 Copyright © 2010, Juniper Networks, Inc.
Page 79: Configuring Access
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Address Assignment. Add or modify settings as specified in Table 8 on page 48. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 80: Table 8: Address Assignment Configuration Details
In the Name box, enter the IP addresses of the domain name client to resolve servers, listed in order of preference. hostname-to-client In the Comment box, enter the comment. mappings. Copyright © 2010, Juniper Networks, Inc.
Page 81 Click Add new entry next to Wins Server. the client uses to resolve In the Name box, enter the IP address of each NetBIOS name NetBIOS names. server. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 82: Configuring Access Address Pools (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Address Pool. Add or modify settings as specified in Table 9 on page 51. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 83: Configuring Access Group Profile (Nsm Procedure)
Your Action Configure the group profile. Click Add new entry next to Group Profile. In the Name box, enter the name to be assigned to the group profile. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 84: Configuring The Ldap Options (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Ldap Options. Add or modify settings as specified in Table 11 on page 53. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 85: Configuring The Ldap Server (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Ldap Server. Add or modify settings as specified in Table 12 on page 54. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 86: Configuring Access Profiles For L2Tp Or Ppp Parameters (Nsm Procedure)
7. Configuring the Client Filter Name (NSM Procedure) on page 59 8. Configuring the LDAP Options (NSM Procedure) on page 60 9. Configuring the LDAP Server (NSM Procedure) on page 61 1 0 . Configuring the Provisioning Order (NSM Procedure) on page 62 Copyright © 2010, Juniper Networks, Inc.
Page 87: Configuring Access Profile (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Profile. Add or modify settings as specified in Table 14 on page 56. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 88: Configuring The Accounting Order (Nsm Procedure)
Configuring the Accounting Order (NSM Procedure) Beginning with JUNOS Release 8.0, you can configure RADIUS accounting for an Layer 2 Tunneling Protocol (L2TP) profile. With RADIUS accounting enabled, Juniper Networks routers, acting as RADIUS clients, can notify the RADIUS server about user activities such as software logins, configuration changes, and interactive commands.
Page 89: Configuring The Authentication Order (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Profile. Copyright © 2010, Juniper Networks, Inc.
Page 90: Configuring The L2Tp Client (Nsm Procedure)
In the pap password box, enter the Password Authentication Protocol (PAP) password. Configure a client group. Click Client Group next to client. Click Add new entry next to Client Group. In the New client-group window, enter the client group. Copyright © 2010, Juniper Networks, Inc.
Page 91: Configuring The Client Filter Name (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Profile. Add or modify settings as specified in Table 22 on page 62. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 92: Configuring The Ldap Options (Nsm Procedure)
Range: 60 through 4294967295 Default: 600 In the Base Distinguished Name box, enter the suffix when assembling user distinguished name (DN) or base DN under which to search for user DN. Copyright © 2010, Juniper Networks, Inc.
Page 93: Configuring The Ldap Server (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Profile. Add or modify settings as specified in Table 21 on page 62. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 94: Configuring The Provisioning Order (Nsm Procedure)
Click Add new entry next to Profile. order. Click Provisioning Order next to profile. Click Add new entry next to Provisioning Order. In the New provisioning-order window, select the order in which provisioning mechanisms are used. Copyright © 2010, Juniper Networks, Inc.
Page 95: Configuring Radius Parameters For Aaa Subscriber Management
Specify a list of the RADIUS Click Attributes next to Radius. accounting servers used for In the Comment box, enter the comment. accounting for Dynamic Host Configuration Protocol (DHCP), Layer 2 Tunneling Protocol (L2TP), and Point-to-Point Protocol (PPP) clients. Copyright © 2010, Juniper Networks, Inc.
Page 96 52, Acct-Input-Gigawords interface-description—Juniper VSA 26-53, Interface-Desc nas-identifier—RADIUS attribute 32, NAS-Identifier nas-port—RADIUS attribute 5, NAS-Port nas-port-id—RADIUS attribute 87, NAS-Port-Id. nas-port-type—RADIUS attribute 61, NAS-Port-Type output-filter—Juniper VSA 26-11, Egress-Policy-Name output-gigapackets—Juniper VSA 25-43, Acct-Output-Gigapackets output-gigawords—RADIUS attribute 53, Acct-Output-Gigawords Copyright © 2010, Juniper Networks, Inc.
Page 97 Range: 60 through 4294967295 seconds Default: 600 seconds Select the vlan-nas-port-stacked-format check box to configure RADIUS attribute 5 (NAS-Port) to include the S-VLAN ID, in addition to the VLAN ID, for subscribers on Ethernet interfaces. Copyright © 2010, Juniper Networks, Inc.
Page 98: Configuring The Radius Parameters (Nsm Procedure)
Click Radius Options next to Profile. In the Comment box, enter the comment. From the Revert Interval list, select the amount of time the router waits after a server has become unreachable. Default: 600 seconds Copyright © 2010, Juniper Networks, Inc.
Page 99: Configuring The Radius For Subscriber Access Management, L2Tp, Or Ppp
In the Source Address box, enter a valid IPv4 address configured on one of the router interfaces. From the Routing Instance list, select the routing instance name. Configuring Session Limit (NSM Procedure) To configure the timeout limit in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 100: Configuring The Radius For Subscriber Access Management, L2Tp, Or Ppp (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Radius Server. Add or modify settings as specified in Table 27 on page 69. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 101: Configuring The Securid Server (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Access. Select Securid Server. Add or modify settings as specified in Table 28 on page 70. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 102: Configuring The Access Profile (Nsm Procedure)
In the Name box, enter the name of the access profile. Related Topics Configuring Access Profiles for L2TP or PPP Parameters (NSM Procedure) on page 54 Configuring the RADIUS Parameters (NSM Procedure) on page 66 Copyright © 2010, Juniper Networks, Inc.
Page 103: Configuring Accounting Options
Click the Configuration tab. In the configuration tree, expand Accounting Options. Select Class Usage Profile. Add or modify the settings as specified in Table 30 on page 72. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 104: Configuring A Log File (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Accounting Options. Select File. Add or modify the settings as specified in Table 31 on page 73. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 105: Configuring The Filter Profile (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Accounting Options. Select Filter Profile. Add or modify the settings as specified in Table 32 on page 74. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 106: Configuring The Interface Profile (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Accounting Options. Select Interface Profile. Add or modify the settings as specified in Table 33 on page 75. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 107: Configuring The Policy Decision Statistics Profile (Nsm Procedure)
To configure the policy decision statistics profile in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Copyright © 2010, Juniper Networks, Inc.
Page 108: Configuring The Mib Profile (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Accounting Options. Select MIB Profile. Copyright © 2010, Juniper Networks, Inc.
Page 109: Configuring The Routing Engine Profile (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Accounting Options. Select Routing Engine Profile. Add or modify the settings as specified in Table 36 on page 78. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 110: Table 36: Routing Engine Profile Configuration Details
1 minute. cpu-load-5—Average system load over the last 5 minutes. cpu-load-15—Average system load over the last 15 minutes. Memory Usage—Memory usage in bytes. Total Cpu Usage—Amount of CPU time used. Copyright © 2010, Juniper Networks, Inc.
Page 111: Configuring Applications
Add or modify settings as specified in Table 37 on page 80. Click one: OK—Saves the changes. Cancel—Cancels the modifications. NOTE: Application and application set are configurable, only if the device is in the in-device policy mode. Copyright © 2010, Juniper Networks, Inc.
Page 112: Table 37: Applications Configuration Details
In the Comment box, enter the comment. Click Application next to application-set. Click Add new entry next to Application. From the Name list, select the identifier of the application. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 113: Configuring Bridge Domains
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 38 on page 82. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 114: Configuring Layer 2 Learning And Forwarding Properties For A Bridge Domain (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 39 on page 83. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 115: Table 39: Bridge Options Configuration Details
From the Limit list, select the maximum number of MAC bridge domain, virtual switch, addresses learned from an interface. or set of bridge domains. Range: 1 through 131,071 MAC addresses per interface Copyright © 2010, Juniper Networks, Inc.
Page 116: Configuring Forwarding Options (Nsm Procedure)
For overriding the default configuration settings for the extended DHCP relay agent. extended DHCP relay agent, see “Overriding the Default Configuration Settings for the Extended DHCP Relay Agent (NSM Procedure)” on page 187. Copyright © 2010, Juniper Networks, Inc.
Page 117: Configuring Logical Interfaces (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 41 on page 86. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 118: Configuring Multicast Snooping Options (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Bridge Domains. Select Domain. Add or modify the settings as specified in Table 42 on page 87. Click one: OK—saves the changes Cancel—cancels the modifications Copyright © 2010, Juniper Networks, Inc.
Page 119: Table 42: Multicast Snooping Options Configuration Details
Click Graceful Restart next to Multicast Snooping Options. restart duration for In the Comment box, enter the comments. multicast snooping. From the Restart Duration list, select the duration for graceful restart. Range: 0 to 300 seconds Default : 180 seconds Copyright © 2010, Juniper Networks, Inc.
Page 120 Click Flag next to Trace Options. Click Add new entry next to flag. From the Name list, select a tracing operation to perform. In the Comment box, enter the comments. Copyright © 2010, Juniper Networks, Inc.
Page 121: Configuring Igmp Snooping (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 43 on page 90. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 122: Table 43: Igmp Snooping Configuration Details
The router loses contact with the hosts that properly remain in the multicast group until they send join requests in response to the next general multicast listener query from the router. Copyright © 2010, Juniper Networks, Inc.
Page 123 Click Proxy next to Igmp Snooping. proxy mode. In the Comment box, enter the comment. In the Source Address box, enter the IP address to use as the source for IGMP snooping reports in proxy mode. Copyright © 2010, Juniper Networks, Inc.
Page 124 Click Add new entry next to Flag. From the Name list, select the flag to perform the trace operation. In the Comment box, enter the comment for the flag. Select the corresponding flag modifier check box. Copyright © 2010, Juniper Networks, Inc.
Page 125 The router loses contact with the hosts that properly remain in the multicast group until they send join requests in response to the next general multicast listener query from the router. Copyright © 2010, Juniper Networks, Inc.
Page 126: Configuring Vlan Id (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Bridge Domains. Select Domain. Add or modify settings as specified in Table 44 on page 95. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 127: Table 44: Vlan Id Configuration Details
Select vlan tag to tag the VLAN interface so that it can be compared with the normalizing VLAN identifier. In the Comment box, enter the comment. In the Inner box, enter the VLAN identifier. In the Outer box, enter the VLAN identifier. Copyright © 2010, Juniper Networks, Inc.
Page 129: Configuring Chassis
Click the Configuration tab. In the configuration tree, expand Chassis > Aggregated Devices. Add or modify the settings as specified in Table 45 on page 98. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 130: Configuring Chassis Alarms (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Chassis > Alarm. Add or modify the alarm settings as specified in Table 46 on page 99. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 131: Configuring Container Interfaces (Nsm Procedure)
In the Comment box, enter the comment. From the Device list, select the number of container devices. Range: 1 through 128 Related Topics Configuring Aggregated Devices (NSM Procedure) on page 97 Configuring Chassis FPC (NSM Procedure) on page 100 Copyright © 2010, Juniper Networks, Inc.
Page 132: Configuring Chassis Fpc (Nsm Procedure)
DPC and its From the Name list, select the slot number of the DPC. corresponding Packet From the Power list, configure the Flexible PIC Concentrator Forwarding Engines. (FPC) to stay offline or to come online automatically. Copyright © 2010, Juniper Networks, Inc.
Page 133 Click Channel Group next to e1. Click Add new entry next to Channel Group. From the Name list, select the channel number. In the Comment box, enter the comment. In the Timeslots box, enter the actual time slot number. Copyright © 2010, Juniper Networks, Inc.
Page 134 In the Comment box, enter the comment. Click Symmetric Hash next to Inet. In the Comment box, enter the comment. Select the Complement check box to include the complement of the symmetric hash in the hash key. Copyright © 2010, Juniper Networks, Inc.
Page 135 Click Add new entry next to Fpc. Click Pic next to fpc. Click Add new entry next to Pic. Click Q Pic Large Buffer next to pic. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 136 Non member list to the Members list. Remove—Removes the selected port-mirroring instances from the Members list. Add All—Adds all the port-mirroring instances from the Non-members list to the Members list. Remove All—Removes all the port-mirroring instances from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 137: Configuring A T640 Router On A Routing Matrix (Nsm Procedure)
TX Matrix router, configures a T640 router so that it is not part of the routing matrix. On a TX Matrix Plus router, configure a T1600 router so that it is not part of the routing matrix. Copyright © 2010, Juniper Networks, Inc.
Page 138 Click Add new entry next to Fpc. adaptive services interfaces. Click Pic next to fpc. Click Add new entry next to Pic. Click Adaptive Services next to pic. Choose Adaptive Services to enable a service package on adaptive services interfaces. Copyright © 2010, Juniper Networks, Inc.
Page 139 Click Add new entry next to Pic. Click Hash Key next to pic. In the Comment box, enter the comment. Click Family next to Hash Key. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 140 Click Add new entry next to Fpc. Click Pic next to fpc. Click Add new entry next to Pic. Click Q Pic Large Buffer next to pic. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 141 Non member list to the Members list. Remove—Removes the selected port-mirroring instances from the Members list. Add All—Adds all the port-mirroring instances from the Non-members list to the Members list. Remove All—Removes all the port-mirroring instances from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 142: Configuring Routing Engine Redundancy (Nsm Procedure)
Click Failover next to Redundancy. take mastership if it detects In the Comment box, enter the comment. hard disk errors or a loss of a Select the type of failover. keepalive signal from the master Routing Engine. Copyright © 2010, Juniper Networks, Inc.
Page 143: Configuring A Routing Engine To Reboot Or Halt On Hard Disk Errors (Nsm Procedure)
Click the Configuration tab. In the configuration tree, select Chassis > Routing Engine. Add or modify Routing Engine settings as specified in Table 51 on page 112. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 144: Table 51: Chassis Routing Engine Configuration Details
Routing Engine. Related Topics Configuring Aggregated Devices (NSM Procedure) on page 97 Configuring a T640 Router on a Routing Matrix (NSM Procedure) on page 105 Configuring Routing Engine Redundancy (NSM Procedure) on page 110 Copyright © 2010, Juniper Networks, Inc.
Page 145: Configuring Authentication
New—Adds a new RADIUS server. OK—Saves the changes. Cancel—Cancels the modifications. Table 52: RADIUS Authentication Configuration Details Option Function Your Action Name Specifies the IP address of the RADIUS server. Enter the IP address of the RADIUS server. Copyright © 2010, Juniper Networks, Inc.
Page 146: Configuring Tacacs+ Authentication (Nsm Procedure)
New—Adds a new TACACS+ server. OK—Saves the changes. Cancel—Cancels the modifications. Table 53: TACACS+ Authentication Configuration Details Option Function Your Action Name Specifies the IP address of the TACACS+ server. Enter the IP address of the TACACS+ server. Copyright © 2010, Juniper Networks, Inc.
Page 147: Configuring Authentication Order (Nsm Procedure)
New authentication-order list. OK—Saves the changes. Cancel—Cancels the modifications. Related Topics Configuring RADIUS Authentication (NSM Procedure) on page 113 Configuring TACACS+ Authentication (NSM Procedure) on page 114 Configuring User Access (NSM Procedure) on page 116 Copyright © 2010, Juniper Networks, Inc.
Page 148: Configuring User Access (Nsm Procedure)
For example, class can use. “request system reboot”. Login > Class > Permissions Permissions Configures the login access privileges Enter a new permission. to be provided on the device. Copyright © 2010, Juniper Networks, Inc.
Page 149: Configuring User Accounts
Configuring Template Accounts (NSM Procedure) You can create template accounts that are shared by a set of users when you are using RADIUS or TACACS+ authentication. When a user is authenticated by a template account, Copyright © 2010, Juniper Networks, Inc.
Page 150: Creating A Remote Template Account
Enter the user name. For example, type remote. Specifies the user identifier for a Enter the number associated with the login account. login account. Class Specifies the login class for the user. Select the login class. For example, select operator. Copyright © 2010, Juniper Networks, Inc.
Page 151: Creating A Local Template Account
Select the login class. For example, select superuser. Related Topics Configuring RADIUS Authentication (NSM Procedure) on page 113 Configuring TACACS+ Authentication (NSM Procedure) on page 114 Configuring Authentication Order (NSM Procedure) on page 115 Copyright © 2010, Juniper Networks, Inc.
Page 153: Configuring Class Of Service Features
Configuring CoS Restricted Queues (NSM Procedure) on page 142 Configuring Tracing Operations (NSM Procedure) on page 143 Configuring CoS Traffic Control Profiles (NSM Procedure) on page 144 Configuring CoS Translation Table (NSM Procedure) on page 145 Copyright © 2010, Juniper Networks, Inc.
Page 154: Configuring Cos Classifiers (Nsm Procedure)
Click Add new entry next to Dscp. classifiers for DiffServ CoS. In the Name box, type the name of the behavior aggregate classifier—for example, ba-classifier. In the Import box, type the name of the default DSCP map. Copyright © 2010, Juniper Networks, Inc.
Page 155 In the Unit number box, type the logical interface unit number—for example, Click Configure next to Classifiers. In the Classifiers box, under Dscp, type the name of the previously configured behavior aggregate classifier—for example, ba-classifier. Click OK. Copyright © 2010, Juniper Networks, Inc.
Page 156: Configuring Cos Code Point Aliases (Nsm Procedure)
NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 157: Configuring Cos Drop Profile (Nsm Procedure)
100 percent. To configure drop profiles in NSM: In the navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device for which you want to configure drop profiles. Copyright © 2010, Juniper Networks, Inc.
Page 158: Table 60: Drop Profile Configuration Fields
New button or select a profile and click the Edit button. Expand the Drop Profile tree and select Fill Level. Click the New button or select a fill level and click the Edit button. Select a value from Name list. Copyright © 2010, Juniper Networks, Inc.
Page 159: Configuring Cos Forwarding Classes (Nsm Procedure)
CoS forwarding classes. Click the Configuration tab. In the configuration tree, expand Class of Service. Select Forwarding Classes. Add or modify settings as specified in Table 61 on page 128. Click one: OK—Saves the changes. Copyright © 2010, Juniper Networks, Inc.
Page 160: Table 61: Assigning Forwarding Classes To Output Queues
Configuring CoS Drop Profile (NSM Procedure) on page 125 Configuring CoS Interfaces (NSM Procedure) on page 132 Configuring CoS Rewrite Rules (NSM Procedure) Configuring CoS Schedulers (NSM Procedure) on page 139 Configuring CoS and Applying Scheduler Maps (NSM Procedure) on page 141 Copyright © 2010, Juniper Networks, Inc.
Page 161: Configuring Cos Forwarding Policy (Nsm Procedure)
In the Name box, enter the name of forwarding class. override the incoming Click Classification Override next to Class. packet classification. In the Forwarding Class box, enter the name of the forwarding class. Copyright © 2010, Juniper Networks, Inc.
Page 162: Configuring Cos Fragmentation Maps (Nsm Procedure)
Click the Device Tree tab, and then double-click the device for which you want to configure CoS Fragmentation Maps. Click the Configuration tab. In the configuration tree, expand Class of Service. Select Fragmentation Maps. Add or modify settings as specified in Table 63 on page 131. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 163: Configuring Cos Host Outbound Traffic (Nsm Procedure)
Class-of-Service Host Outbound Traffic. Click the Configuration tab. In the configuration tree, expand Class of Service. Select Host Outbound Traffic. Add or modify settings as specified in Table 64 on page 132. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 164: Configuring Cos Interfaces (Nsm Procedure)
NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 165: Table 65: Interfaces Configuration Fields
Interface. forwarding class for the Click the New button or particular chassis in the select an interface and chassis queue. click the Edit button in Interface. Select the scheduler map chassis from the list. Copyright © 2010, Juniper Networks, Inc.
Page 166 Edit button in logical interface. Interface. Expand the Interface tree and select Output Traffic Control Profile Remaining. Specify a comment and a profile name. Click Ok. Copyright © 2010, Juniper Networks, Inc.
Page 167 Select the name from the list. Comment Specifies the comment for the Expand the Interfaces interface. tree and select Interface Set. Click the New button or select an interface set and click the Edit button. Enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 168 Set. Click the New button or select an interface set and click the Edit button. Expand interface—set tree and select Input Traffic Control Profile Specify the comment and profile name. Click Ok. Copyright © 2010, Juniper Networks, Inc.
Page 169 Click Ok. Related Topics Configuring CoS Classifiers (NSM Procedure) on page 122 Configuring CoS Code Point Aliases (NSM Procedure) on page 124 Configuring CoS Drop Profile (NSM Procedure) on page 125 Copyright © 2010, Juniper Networks, Inc.
Page 170: Configuring Cos Routing Instances (Nsm Procedure)
From the Classifier Name list, select the classifier name. Click Ieee 802.1 next to Classifiers. In the Comment box, enter the comment. From the Classifier name list, select the classifier name. From the Vlan tag list, select the VLAN tag. Copyright © 2010, Juniper Networks, Inc.
Page 171: Configuring Cos Schedulers (Nsm Procedure)
NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 172: Table 67: Configuring Schedulers
Configuring CoS Forwarding Classes (NSM Procedure) on page 127 Configuring CoS Interfaces (NSM Procedure) on page 132 Configuring CoS Rewrite Rules (NSM Procedure) Configuring CoS and Applying Scheduler Maps (NSM Procedure) on page 141 Copyright © 2010, Juniper Networks, Inc.
Page 173: Configuring Cos And Applying Scheduler Maps (Nsm Procedure)
Select Forwarding Class and click Add new entry. class and scheduler. In the Name box, type the name of the previously configured expedited forwarding class—for example, ef-class. Select the previously configured expedited forwarding scheduler—for example, ef-scheduler. Click OK. Copyright © 2010, Juniper Networks, Inc.
Page 174: Configuring Cos Restricted Queues (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Class of Service. Select Restricted Queue. Add or modify settings as specified in Table 69 on page 143. Click one: OK—Saves the changes. Copyright © 2010, Juniper Networks, Inc.
Page 175: Configuring Tracing Operations (Nsm Procedure)
Task Your Action Configure tracing In the Comment box, enter the comment for the traceoptions. operations. Select the No Remote Trace check box to disable remote tracing globally or for a specific tracing operation. Copyright © 2010, Juniper Networks, Inc.
Page 176: Configuring Cos Traffic Control Profiles (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Class of Service. Select Traffic Control Profiles. Add or modify settings as specified in Table 71 on page 145. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 177: Configuring Cos Translation Table (Nsm Procedure)
(DLCIs) (units) that you can configure on each PIC varies based on the number and type of BA classification tables configured on the interfaces. To configure CoS Translation Table in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 178: Table 72: Translation Table Configuration Details
Members list. Remove—Removes the selected code points from the Members list. Add All—Adds all the code points from the Non-members list to the Members list. Remove All—Removes all the code points from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 179 Members list. Remove—Removes the selected code points from the Members list. Add All—Adds all the code points from the Non-members list to the Members list. Remove All—Removes all the code points from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 180 Members list. Remove—Removes the selected code points from the Members list. Add All—Adds all the code points from the Non-members list to the Members list. Remove All—Removes all the code points from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 181 Related Topics Configuring CoS Rewrite Rules (NSM Procedure) Configuring CoS Routing Instances (NSM Procedure) on page 138 Configuring Tracing Operations (NSM Procedure) on page 143 Configuring CoS Traffic Control Profiles (NSM Procedure) on page 144 Copyright © 2010, Juniper Networks, Inc.
Page 183: Configuring Event Options
Table 73: Destination Configuration Details Option Function Your Action Name Specifies the name of the Enter the name for the destination. destination. Comment Specifies the comment for the Enter the comment for the destination. destination. Copyright © 2010, Juniper Networks, Inc.
Page 184: Configuring Event Script (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Event Options > Event Script. Select Event Script. Add or modify settings as specified in Table 74 on page 153. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 185: Table 74: Event Script Configuration Details
Configuring Destinations for File Archiving (NSM Procedure) on page 151 Generating Internal Events (NSM Procedure) on page 154 Configuring Event Policy (NSM Procedure) on page 154 Configuring Event Policy Tracing Operations (NSM Procedure) on page 157 Copyright © 2010, Juniper Networks, Inc.
Page 186: Generating Internal Events (Nsm Procedure)
Configuring Event Policy Tracing Operations (NSM Procedure) on page 157 Configuring Event Policy (NSM Procedure) Event policies can listen for specific events, create log files, invoke JUNOS commands, and invoke event scripts. To configure an event policy in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 187: Table 76: Configure Event Policy Details
Select the Ignore check box to define a policy that ignores actions. particular events. Select the Raise Trap check box to define a policy that raises a Simple Network Management Protocol (SNMP) trap in response to an event. Copyright © 2010, Juniper Networks, Inc.
Page 188 In the Filename box, enter the name of the file to be an event. uploaded. From the Destination list, select the name of a destination. From the User Name list, select the username. From the transfer relay list, select the delay before transferring files. Copyright © 2010, Juniper Networks, Inc.
Page 189: Configuring Event Policy Tracing Operations (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Event Options. Select Traceoptions. Copyright © 2010, Juniper Networks, Inc.
Page 190: Table 77: Event Options Traceoptions Configuration Details
Configuring Destinations for File Archiving (NSM Procedure) on page 151 Configuring Event Script (NSM Procedure) on page 152 Generating Internal Events (NSM Procedure) on page 154 Configuring Event Policy (NSM Procedure) on page 154 Copyright © 2010, Juniper Networks, Inc.
Page 191: Configuring Firewall
Click the Configuration tab. In the configuration tree, expand Firewall > Family > Any. Add or modify settings as specified in Table 78 on page 160. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 192: Table 78: Firewall Filter Configuration Details
Select one of the following: single-rate—if the named tricolor policer is a single-rate policer. two-rate—if the named tricolor policer is a two-rate policer. Related Topics Configuring the Firewall Filter for Bridge Family Type (NSM Procedure) on page 161 Copyright © 2010, Juniper Networks, Inc.
Page 193: Configuring The Firewall Filter For Bridge Family Type (Nsm Procedure)
Select Interface Specific to configure interface-specific names for firewall counters. Configure accounting for Click Accounting Profile next to filter. firewall filter. In the New accounting-profile window, enter the name to be assigned to the accounting profile. Copyright © 2010, Juniper Networks, Inc.
Page 194 Related Topics Configuring the Firewall Filter for Any Family Type (NSM Procedure) on page 159 Configuring the Firewall Filter for Ccc Family Type (NSM Procedure) on page 163 Copyright © 2010, Juniper Networks, Inc.
Page 195: Configuring The Firewall Filter For Ccc Family Type (Nsm Procedure)
Configure accounting for Click Accounting Profile next to filter. firewall filter. Click Add new entry next to Accounting Profile. In the New accounting-profile window, enter the name to be assigned to the accounting profile. Copyright © 2010, Juniper Networks, Inc.
Page 196 Configuring the Firewall Filter for Bridge Family Type (NSM Procedure) on page 161 Configuring the Firewall Filter for MPLS Family Type (NSM Procedure) on page 174 Configuring the Firewall Filter for VPLS Family Type (NSM Procedure) on page 177 Copyright © 2010, Juniper Networks, Inc.
Page 197: Configuring Filters For Inet Family Type (Nsm Procedure)
Configure accounting for Click Accounting Profile next to filter. firewall filters. Click Add new entry next to Accounting Profile. In the New accounting-profile window, enter the name to be assigned to the accounting profile. Copyright © 2010, Juniper Networks, Inc.
Page 198 23. From the Loss Priority list, set the packet loss priority (PLP) to low, medium-low, medium-high, or high. 24. In the Forwarding Class box, enter the packet forwarding class name. 25. From the Prefix Action list, select the prefix specific action. Copyright © 2010, Juniper Networks, Inc.
Page 199: Configuring Prefix-Specific Actions (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Firewall > Family > Inet. Click Prefix Action. Add or modify settings as specified in Table 82 on page 168. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 200: Configuring Service Filters (Nsm Procedure)
Task Your Action Configure service filter. Click Service Filter next to Inet. Click Add new entry next to Service Filter. Expand service-filter. In the Name box, enter the name that identifies the service filter. Copyright © 2010, Juniper Networks, Inc.
Page 201: Configuring Simple Filters (Nsm Procedure)
The next-term action is not supported. The except and protocol-except match conditions are not supported. Noncontiguous masks are not supported. Only one source-address and one destination-address prefix are allowed for each filter term. Copyright © 2010, Juniper Networks, Inc.
Page 202: Configuring Filters For Inet6 Family Type (Nsm Procedure)
You can configure filter and service filters for inet6 using the Firewall option. See the following topics: Configuring Firewall Filter for inet6 Family Type (NSM Procedure) on page 171 Configuring Service Filters for inet6 (NSM Procedure) on page 173 Copyright © 2010, Juniper Networks, Inc.
Page 203: Configuring Firewall Filter For Inet6 Family Type (Nsm Procedure)
Configure accounting for Click Accounting Profile next to filter. firewall filters. Click Add new entry next to Accounting Profile. In the New accounting-profile window, enter the name to be assigned to the accounting profile. Copyright © 2010, Juniper Networks, Inc.
Page 204 20. From the Loss Priority list, set the packet loss priority (PLP) to low, medium-low, medium-high, or high. In the Forwarding Class box, enter the packet forwarding class name. 22. From the Prefix Action list, select the prefix specific action. Copyright © 2010, Juniper Networks, Inc.
Page 205: Configuring Service Filters For Inet6 (Nsm Procedure)
Task Your Action Configure service filter. Click Service Filter next to inet. Click Add new entry next to Service Filter. Expand service-filter. In the Name box, enter the name that identifies the service filter. Copyright © 2010, Juniper Networks, Inc.
Page 206: Configuring The Firewall Filter For Mpls Family Type (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Firewall > Family > MPLS. Add or modify settings as specified in Table 87 on page 175. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 207: Table 87: Mpls Firewall Filter Configuration Details
Configure accounting for Click Accounting Profile next to filter. firewall filters. Click Add new entry next to Accounting Profile. In the New accounting-profile window, enter the name to be assigned to the accounting profile. Copyright © 2010, Juniper Networks, Inc.
Page 208 Configuring the Firewall Filter for Any Family Type (NSM Procedure) on page 159 Configuring Filters for inet Family Type (NSM Procedure) on page 165 Configuring Filters for inet6 Family Type (NSM Procedure) on page 170 Copyright © 2010, Juniper Networks, Inc.
Page 209: Configuring The Firewall Filter For Vpls Family Type (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Firewall > Family > VPLS. Add or modify settings as specified in Table 88 on page 178. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 210: Table 88: Vpls Firewall Filter Configuration Details
Configure accounting for Click Accounting Profile next to filter. firewall filters. Click Add new entry next to Accounting Profile. In the New accounting-profile window, enter the name to be assigned to the accounting profile. Copyright © 2010, Juniper Networks, Inc.
Page 211 Expand Three Color Policer. Click Single Rate next to Three Color Policer. Select one of the following: single-rate—If the named tricolor policer is a single-rate policer. two-rate—If the named tricolor policer is a two-rate policer. Copyright © 2010, Juniper Networks, Inc.
Page 212: Configuring A Policer For A Firewall Filter
Set the bandwidth limit or percentage for the bandwidth allowed—for example, 2k. allowed for this type of traffic—for example, use a bandwidth percent of 10. Select Bandwidth Limit, select bandwidth-limit. In the box, type 10. Click OK. Copyright © 2010, Juniper Networks, Inc.
Page 213 Table 89: Configuring a Policer for a Firewall Filter (continued) Enter the loss priority for packets exceeding the limits Select Then. established by the policer—for example, high. In the Comment field, enter high. Click OK. Copyright © 2010, Juniper Networks, Inc.
Page 215: Configuring Forwarding Options
Cancel—Cancels the modifications. Table 90: Accounting Options Configuration Details Task Your Action Configure an accounting Click Add new entry next to Accounting. group. In the Name box, type the name of the accounting group. Copyright © 2010, Juniper Networks, Inc.
Page 216 From the Engine Id list, select the identity of the accounting interface. From the Engine Type list, select the type of this accounting interface. In the Source Address box, enter the address used for generating packets. Copyright © 2010, Juniper Networks, Inc.
Page 217: Configuring The Extended Dhcp Agent (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Forwarding Options > DHCP Relay. Select Authentication. Add or modify Authentication settings as specified in Table 91 on page 186. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 218: Configuring Group (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Forwarding Options > DHCP Relay. Select Group. Copyright © 2010, Juniper Networks, Inc.
Page 219: Agent (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, select Forwarding Options > DHCP Relay. Select Overrides. Copyright © 2010, Juniper Networks, Inc.
Page 220: Table 93: Overrides Configuration Details
From the Interface Client Limit limit. list, select the interface client limit. No Arp Disable Address Resolution Select the No Arp check box to Protocol entry for this client. drop the unwanted ARP requests. Copyright © 2010, Juniper Networks, Inc.
Page 221: Configuring Relay Option 60 Information For Forwarding Client Traffic To Specific Dhcp Servers (Nsm Procedure)
DHCP relay server group. servers. Select Drop to drop DHCP client packets that contain an option 60 string that matches the ASCII or hexadecimal match string and match criteria. Copyright © 2010, Juniper Networks, Inc.
Page 222: Configuring Relay Option 82 For A Dhcp Server (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Forwarding Options > DHCP Relay. Select Relay Option 82. Add or modify settings as specified in Table 95 on page 191. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 223: Specifying The Name Of A Group Of Dhcp Server Addresses For Use By The Extended Dhcp Relay Agent (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Forwarding Options > DHCP Relay. Select Server Group. Add or modify settings as specified in Table 96 on page 192. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 224: Configuring Operations For Extended Dhcp Relay Agent Processes
In the Comment box, enter the comment for the for extended DHCP relay traceoptions. agent processes. Select the No Remote Trace check box to disable remote tracing globally or for a specific tracing operation. Copyright © 2010, Juniper Networks, Inc.
Page 225: Specifying Address Family For Filters (Nsm Procedure)
Click Filter next to Inet, Inet6, or Mpls. forwarding table. In the Comment box, enter the comment. From the Input list, select the name of the applied filter. From the Output list, select the name of the applied filter. Copyright © 2010, Juniper Networks, Inc.
Page 226: Configuring Load Balancing Using Hash Key (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Forwarding Options > Hash Key. Add or modify settings as specified in Table 99 on page 195. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 227: Configuring Helpers (Nsm Procedure)
Configuring Per-Flow and Per-Prefix Load Balancing (NSM Procedure) on page 203 Configuring Helpers (NSM Procedure) You can enable Trivial File Transfer Protocol (TFTP) or Domain Name System (DNS) request packet forwarding, or configure the router or interface to act as a Dynamic Host Copyright © 2010, Juniper Networks, Inc.
Page 228: Configuring A Router Or Interface To Act As A Bootstrap Protocol Relay
From the Minimum Wait Time list, select the minimum time allowed. Default: 3 seconds From the Client Response Ttl list, select the IIP time-to-live (TTL) value in DHCP response packets sent to a DHCP client. Copyright © 2010, Juniper Networks, Inc.
Page 229 ID. Click Vendor Id next to Dhcp Option82. In the Comment box, enter the comment. In the Use String check box, enter the raw string instead of the default remote ID. Copyright © 2010, Juniper Networks, Inc.
Page 230 From the Minimum Wait Time list, select the minimum time allowed. Default: 3 seconds From the Client Response Ttl list, select the IIP time-to-live (TTL) value in DHCP response packets sent to a DHCP client. Copyright © 2010, Juniper Networks, Inc.
Page 231: Enabling Dns Request Packet Forwarding
DNS and TFTP request packets. To enable DNS request packet forwarding in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Copyright © 2010, Juniper Networks, Inc.
Page 232: Table 101: Dns And Tftp Configuration Details
Click Server next to Domain. In the Comment box, enter the comment. In the Address box, enter the address of the server. 20. Expand Server. Click Logical System next to Server. 22. Select logical-system or routing-instance. Copyright © 2010, Juniper Networks, Inc.
Page 233: Configuring A Port For A Dhcp Or Bootp Relay Agent
Click the Configuration tab. In the configuration tree, expand Forwarding Options > Helpers. Select Port. Add or modify settings as specified in Table 102 on page 202. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 234: Configuring Tracing Operations For Bootp, Dns, And Tftp Packet
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Forwarding Options > Helpers > TFTP. Copyright © 2010, Juniper Networks, Inc.
Page 235: Configuring Per-Flow And Per-Prefix Load Balancing (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Forwarding Options > Load Balance. Add or modify settings as specified in Table 104 on page 204. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 236: Configuring Port Mirroring (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Forwarding Options > Port Mirroring. Add or modify settings as specified in Table 105 on page 205. Click one: OK—Saves the changes. Copyright © 2010, Juniper Networks, Inc.
Page 237: Table 105: Port Mirroring Configuration Details
Range: 1 through 65,535 From the Run Length list, select the number of samples following the initial trigger event. This allows you to sample packets following those already being sampled. Range: 0 through 20 Default: 0 Copyright © 2010, Juniper Networks, Inc.
Page 238 Related Topics Configuring Per-Flow and Per-Prefix Load Balancing (NSM Procedure) on page 203 Configuring Load Balancing Using Hash Key (NSM Procedure) on page 194 Specifying Address Family for Filters (NSM Procedure) on page 193 Copyright © 2010, Juniper Networks, Inc.
Page 239: Configuring Interfaces
Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. NOTE: You can also configure interfaces through the Quick Configuration tab. Also, you can configure interfaces in a Config group and apply them to the interface node. Copyright © 2010, Juniper Networks, Inc.
Page 240: Damping Interface Transitions (Nsm Procedure)
Similarly when an interface goes from down to up, it is not advertised as being up until it has remained up for the hold-time period. To configure hold time value to use to damp interface transitions: Copyright © 2010, Juniper Networks, Inc.
Page 241: Configuring Receive Bucket Properties On Interfaces (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 108 on page 210. Click one: OK—Saves the changes. Copyright © 2010, Juniper Networks, Inc.
Page 242: Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 109 on page 211. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 243: Configuring Transmit Leaky Bucket Properties (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 110 on page 212. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 244: Configuring Logical Interface Properties (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 111 on page 213. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 245: Configuring An Ip Demux Underlying Interface (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 112 on page 214. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 246: Configuring The Logical Demux Source Family Type On The Ip Demux Underlying Interface (Nsm Procedure)
Configuring Epd Threshold for the Logical Interface (NSM Procedure) To configure Epd threshold for the logical interface in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Copyright © 2010, Juniper Networks, Inc.
Page 247: Configuring Protocol Family Information For The Logical Interface
Procedure) on page 230 6. Configuring Protocol Family (TCC) Information for the Logical Interface (NSM Procedure) on page 232 Configuring Protocol Family (Ccc) Information for the Logical Interface (NSM Procedure) To configure ccc family information in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 248: Table 115: Ccc Family Configuration Details
Click Add new entry next to output-list. In the New output-list window, enter the filter names. Up to 16 filters can be included in a filter input list. Copyright © 2010, Juniper Networks, Inc.
Page 249: Configuring Protocol Family (Inet) Information For The Logical Interface
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 116 on page 218. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 250: Table 116: Inet Family Configuration Details
Click Source Class Usage next to Accounting. In the Comment box, enter the comment. Select the Input check box to configure at least one expected ingress point. Select the Output check box to configure at least one expected egress point. Copyright © 2010, Juniper Networks, Inc.
Page 251 Virtual Router Redundancy Protocol (VRRP) advertisement packets. Range: 100 through 999 milliseconds inet6-advertise-interval—To configure the interval between Virtual Router Redundancy Protocol (VRRP) IPv6 advertisement packets Range: 100 to 40,950 milliseconds (ms) Copyright © 2010, Juniper Networks, Inc.
Page 252 In the Comment box, enter the comment. From the Priority Cost list, select the VRRP routers’ priority cost for becoming the master default router. The router with the highest priority within the group becomes the master. Range: 1 through 254 Copyright © 2010, Juniper Networks, Inc.
Page 254 In the Comment box, enter the comment. direction of Select the Input check box to configure at least one expected ingress traffic to be point. sampled. Select the Output check box to configure at least one expected egress point. Copyright © 2010, Juniper Networks, Inc.
Page 255: Configuring Protocol Family (Inet6) Information For The Logical Interface (Nsm
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 117 on page 224. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 256: Table 117: Inet6 Family Configuration Details
Click Source Class Usage next to Accounting. In the Comment box, enter the comment. Select the Input check box to configure at least one expected ingress point. Select the Output check box to configure at least one expected egress point. Copyright © 2010, Juniper Networks, Inc.
Page 257 Virtual Router Redundancy Protocol (VRRP) advertisement packets. Range: 100 through 999 milliseconds inet6-advertise-interval—To configure the interval between Virtual Router Redundancy Protocol (VRRP) IPv6 advertisement packets Range: 100 to 40,950 milliseconds (ms) Copyright © 2010, Juniper Networks, Inc.
Page 258 In the Comment box, enter the comment. From the Priority Cost list, select the VRRP router’s priority cost for becoming the master default router. The router with the highest priority within the group becomes the master. Range: 1 through 254 Copyright © 2010, Juniper Networks, Inc.
Page 260 In the Comment box, enter the comment. traffic to be sampled. Select the Input check box to configure at least one expected ingress point. Select the Output check box to configure at least one expected egress point. Copyright © 2010, Juniper Networks, Inc.
Page 261: Configuring Protocol Family (Iso) Information For The Logical Interface
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 118 on page 230. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 262: Configuring Protocol Family (Mpls) Information For The Logical Interface
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Interfaces. Select Interface. Add or modify settings as specified in Table 119 on page 231. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 263: Table 119: Mpls Family Configuration Details
In the Input box, enter the name of one policer to evaluate when packets are received on the interface. In the Output box, enter the name of one policer to evaluate when packets are transmitted on the interface. Copyright © 2010, Juniper Networks, Inc.
Page 264: Configuring Protocol Family (Tcc) Information For The Logical Interface
When you use an ATM encapsulation on ATM1 and ATM2 IQ interfaces, you can define bandwidth utilization, which consists of either a constant rate or a peak cell rate, with sustained cell rate and burst tolerance. To configure traffic shaping profile in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 265: Table 121: Traffic Shaping Configuration Details
ATM2 IQ PICs. In the Comment box, enter the comment. In the Peak box, enter the peak rate. In the Sustained box, enter the sustained rate. In the Burst box, enter the burst length. Copyright © 2010, Juniper Networks, Inc.
Page 266: Configuring Interface Set On The Routing Platform (Nsm Procedure)
From the Name list, select the outer VLAN ID. In the Comment box, enter the comment. Related Topics Configuring Interfaces on the Routing Platform (NSM Procedure) on page 207 Configuring Trace Options on the Routing Platform (NSM Procedure) on page 235 Copyright © 2010, Juniper Networks, Inc.
Page 267: Configuring Trace Options On The Routing Platform (Nsm Procedure)
Select kernel-detail to log details of configuration messages to kernel. Select config-states to log the configuration state machine changes. Enter the comment for the flag. Select the Disable check box to disable the tracing operation. Copyright © 2010, Juniper Networks, Inc.
Page 268 M-series and MX-series Devices Related Topics Configuring Interfaces on the Routing Platform (NSM Procedure) on page 207 Configuring Interface set on the Routing Platform (NSM Procedure) on page 234 Copyright © 2010, Juniper Networks, Inc.
Page 269: Configuring Multicast Snooping Options
In the Devices list, double click the device to select it. In the Configuration tab, expand Multicast Snooping Options. Add or modify the settings as specified in Table 124 on page 238. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 270: Table 124: Multicast Snooping Options Configuration Details
From the Mark list, select the time interval in seconds to mark the trace file. Range : -2147483647 seconds to 2147483647 Seconds Default : 0 Expand Syslog. Click Level next to Syslog. Select the Level of severity to be logged. Copyright © 2010, Juniper Networks, Inc.
Page 271 Click Flag next to Trace Options. Click Add new entry next to flag. From the Name list, select a tracing operation to perform. In the Comment box, enter the comments. Copyright © 2010, Juniper Networks, Inc.
Page 273: Configuring Policy Options
Devices Click the tab. Configuration In the configuration tree, expand Policy Options Select As Path Add or modify the parameters as specified in Table 125 on page 242. Click one: OK—To save the changes. Copyright © 2010, Juniper Networks, Inc.
Page 274: Configuring An As Path Group In A Bgp Routing Policy (Nsm Procedure)
Select As Path Group. Add or modify the parameters as specified in Table 126 on page 243. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply — To apply the protocol settings. Copyright © 2010, Juniper Networks, Inc.
Page 275: Configuring A Community For Use In Bgp Routing Policy Conditions
In the configuration tree, expand Policy Options. Select Community. Add or modify the parameters as specified in Table 127 on page 244. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply — To apply the protocol settings. Copyright © 2010, Juniper Networks, Inc.
Page 276: Configuring A Bgp Export Policy Condition (Nsm Procedure)
In the configuration tree, expand Policy Options. Select Condition. Add or modify the parameters as specified in Table 128 on page 245. Click one: OK—To save the changes. Cancel—To cancel the modifications. Apply — To apply the protocol settings. Copyright © 2010, Juniper Networks, Inc.
Page 277: Configuring Flap Damping To Reduce The Number Of Bgp Update Messages(Nsm Procedure)
To configure damping for a BGP routing policy in NSM: In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Policy Options. Select Damping. Copyright © 2010, Juniper Networks, Inc.
Page 278: Table 129: Damping Configuration Details
Max Suppress Indicates the maximum time in minutes Enter the time limit or select it from that a route can be suppressed no the list. matter how unstable it has been. Click OK. Copyright © 2010, Juniper Networks, Inc.
Page 279: Configuring A Routing Policy Statement (Nsm Procedure)
Edit button. Select policy-statement Specify the name. Comment Specifies the comment for the policy Click the New button or select a statement. policy statement and click Edit button. Select policy-statement Specify the comment. Copyright © 2010, Juniper Networks, Inc.
Page 280: Configuring Prefix List (Nsm Procedure)
This feature enables you to create a named prefix list and include it in a routing policy. To configure prefix list in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 281: Table 131: Configuring Prefix List Fields
Prefix List Item Specifies the prefix list item. Click the New button or select a prefix list and click Edit button. Expand prefix-list tree and select Prefix List Item. Specify the name and comment. Copyright © 2010, Juniper Networks, Inc.
Page 283: Configuring Protocols
In asynchronous mode, both endpoints periodically send Hello packets to each other. If a number of those packets are not received, the session is considered down. In demand mode, no Hello packets are Copyright © 2010, Juniper Networks, Inc.
Page 284: Configuring Bgp (Nsm Procedure)
The primary function of a BGP speaking system is to exchange network reachability information with other BGP systems. This feature enables you to configure BGP peering sessions. To configure BGP in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 285: Table 133: Bgp Configuration Fields
Enables you to specify the metric value Expand the tree. Protocol to add to the routes transmitted to the Select and select Metric Out neighbor. tab. Set up the metric value and minimum IGP. Copyright © 2010, Juniper Networks, Inc.
Page 286 Enables you to configure BGP with a Expand the Protocol tree. different local autonomous session (AS) Select and select Local As tab. number for each BGP session Enter the comment, as number, loop and specify whether it is private. Copyright © 2010, Juniper Networks, Inc.
Page 287: Configuring The Ilmi Protocol (Nsm Procedure)
Task Your Action Define tracing options. In the Comment box, enter the comment for the traceoptions. Select the No Remote Trace check box to disable remote tracing globally or for a specific tracing operation. Copyright © 2010, Juniper Networks, Inc.
Page 288: Configuring Layer 2 Address Learning And Forwarding Properties
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols > L2 Learning. Copyright © 2010, Juniper Networks, Inc.
Page 289: Configuring Layer 2 Circuit (Nsm Procedure)
You can configure a virtual circuit entirely on the local router, terminating the circuit on a local interface. Possible uses for this feature include being able to enable switching between frame relay Data-Link Connection Identifier (DLCI)s. To configure local interface switching in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 290: Configuring The Neighbor Interface For The Layer 2 Circuit
(transporting the Layer 2 circuit). To configure a neighbor interface in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Copyright © 2010, Juniper Networks, Inc.
Page 291: Table 137: Neighbor Interface Configuration Details
PE router. From the Switchover Delay list, select the time to wait before switching to the backup pseudowire after the primary pseudowire fails. Range: 0 through 180,000 milliseconds Default: 10,000 milliseconds Copyright © 2010, Juniper Networks, Inc.
Page 292 From the Incoming Label list, select the incoming label for the static pseudowire. Range: 1000000 through 1048575 From the Outgoing Label list, select the outgoing label for the static pseudowire. Range: 299776 through 1048575 Select the Send Oam check box to send oam. Copyright © 2010, Juniper Networks, Inc.
Page 293: Tracing Layer 2 Circuit Creation And Changes (Nsm Procedure)
In the Comment box, enter the comment for the flag. Select the modifier for the tracing flag. Select one the following check boxes. Send—Packets being transmitted Receive—Packets being received Detail—Detailed trace information Disable—Disable tracing Copyright © 2010, Juniper Networks, Inc.
Page 294: Configuring Layer 2 Protocol Tunneling And Bpdu Protection
Default: If this option is not configured, the interface is not periodically checked and remains disabled Click Interface next to Bpdu Block. Click Add new entry next to Interface. In the Name box, enter the interface name. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 295 Select the Disable check box to disable the tracing operation. Related Topics Configuring Link Management Protocol (NSM Procedure) on page 275 Configuring Layer 2 Address Learning and Forwarding Properties (NSM Procedure) on page 256 Copyright © 2010, Juniper Networks, Inc.
Page 296: Configuring Label Distribution Protocol (Nsm Procedure)
In the Configuration tab, expand Protocols > LDP. Add or modify the settings as specified in Table 140 on page 265. Click one: OK — To save the changes Cancel — To cancel the modifications Copyright © 2010, Juniper Networks, Inc.
Page 297: Table 140: Ldp Configuration Details
Click Remove after selecting a policy from the Members list to remove it from the Members list. Click Add All to add all the Non members to the Members list. Click Remove All to remove all the members from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 298 Click Remove after selecting a policy from the Members list to remove it from the Members list. Click Add All to add all the Non-members to the Members list. Click Remove All to remove all the members from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 299 Click Log Updown next to LDP. In the Comment box, enter the comment. Click Trap next to Log Updown. In the Comment box, enter the comment. Select the Disable check box to disable LDP traps. Copyright © 2010, Juniper Networks, Inc.
Page 300 Click Remove after selecting a policy from the Members list to remove it from the Members list. Click Add All to add all the Non members to the Members list. Click Remove All to remove all the members from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 301 Click Detection Time next to Bfd Liveness Detection. In the Comment box, enter the comment. From the Threshold list, select the time the BFD session must remain up before state change notification is sent. Range: 1 through 4294967295 Copyright © 2010, Juniper Networks, Inc.
Page 302 From the Minimum Interval list, select the minimum transmit and receive interval. Range: 1 through 255,000 From the Threshold list, select the time the BFD session must remain up before state change notification is sent. Range: 1 through 4294967295 Copyright © 2010, Juniper Networks, Inc.
Page 303 From the Fanout list, select the maximum number of next hops to search per node. Range: 1 through 16 Select Disable check box to disable tracing for a specific FEC. Range: 1 through 16 Copyright © 2010, Juniper Networks, Inc.
Page 304 From the Exp list, select the class of service to use when sending probes. Range: 0 through 7 From the Fanout list, select the maximum number of next hops to search per node. Range: 1 through 16 Copyright © 2010, Juniper Networks, Inc.
Page 305 In the Comment box, enter the comment. From the Hello Interval list, select the hello interval in seconds. Range: 1 through 65535 From the Hold Time list, select the hold time interval in seconds. Range: 1 through 65535 Copyright © 2010, Juniper Networks, Inc.
Page 306 From the Files list, select the maximum number of trace files. Range: 2 through 1000 Select one of the following: world-readable—To enable unrestricted file access. no-world-readable—To restrict file access to owner. This is the default setting. Copyright © 2010, Juniper Networks, Inc.
Page 307: Configuring Link Management Protocol (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Protocols > Link Management. Add or modify the settings as specified in Table 141 on page 276. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 308: Table 141: Link Management Protocol Configuration Details
In the Address box, enter the ID of the peer. Expand Peer. Click Control Channel next to Peer. Click Add new entry next to Control Channel. In the dialog box, enter the name of the control channel interface. Copyright © 2010, Juniper Networks, Inc.
Page 309 LMP control channels. Click Te-Link next to peer. Click Add new entry next to Te-Link. In the dialog box, enter the name of the te-link to be associated with this peer. Copyright © 2010, Juniper Networks, Inc.
Page 310 Click Add new entry next to flag. From the Name list, select a tracing operation to perform. In the Comment box, enter the comment. Related Topics Configuring the ILMI Protocol (NSM Procedure) on page 255 Copyright © 2010, Juniper Networks, Inc.
Page 311: Configuring Mpls Protocol (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Mpls. Add or modify settings as specified in Table 142 on page 280. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 312: Table 142: Mpls Configuration Details
From the Revert Timer list, select the amount of time (in seconds) that an LSP must wait before traffic reverts to a primary path. Range: 0 through 65,535 seconds Default: 60 seconds Copyright © 2010, Juniper Networks, Inc.
Page 313 LSP should not record the routes in the path. 24. Select the standby check box to have the path remain up at all times to provide instant switchover if connectivity problems occur. Copyright © 2010, Juniper Networks, Inc.
Page 314: Configuring Administrative Group (Nsm Procedure)
To configure administrative groups in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Copyright © 2010, Juniper Networks, Inc.
Page 315: Configuring Bandwidth For The Reroute Path (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Mpls. Add or modify settings as specified in Table 145 on page 284. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 316: Configuring Diffserv-Aware Traffic Engineering (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Mpls. Add or modify settings as specified in Table 146 on page 285. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 317: Configuring Mpls On Interfaces (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Mpls. Add or modify settings as specified in Table 147 on page 286. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 318: Table 147: Interface Configuration Details
Select one of the following: next hop to the destination. next-hop—to configure the IP address of the next hop to the destination. Enter the IP address of the next-hop router. reject—to reject the packet. discard—to discard the packet. Copyright © 2010, Juniper Networks, Inc.
Page 319: Configure A Label Switched Path (Lsp) To Use In Dynamic Mpls
Click the Configuration tab. In the configuration tree, expand Protocols. Select Label Switched Path. Add or modify settings as specified in Table 148 on page 288. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 320: Table 148: Lsp Configuration Details
From the Hop Limit list, select the maximum number of hops. Range: 2 through 255 (for an LSP); 0 through 255 (for fast reroute) Default: 255 (for an LSP); 6 (for fast reroute) Select the No Cspf check box to disable constrained-path LSP computation. Copyright © 2010, Juniper Networks, Inc.
Page 321 From the Reservation Priority list, select the reservation priority. Range: 0 through 7, where 0 is the highest and 7 is the lowest priority. Default: 0 (Once the session is set up, no other session can preempt it.) Copyright © 2010, Juniper Networks, Inc.
Page 322: Configuring Administrative Group (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols > MPLS. Select Label Switched Path. Add or modify settings as specified in Table 149 on page 291. Click one: OK—Saves the changes. Copyright © 2010, Juniper Networks, Inc.
Page 323: Procedure)
Click the Configuration tab. In the configuration tree, expand Protocols > MPLS. Select Label Switched Path. Add or modify settings as specified in Table 150 on page 292. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 324: Configuring Bandwidth For The Reroute Path (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Add or modify settings as specified in Table 151 on page 293. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 326: Adding Lsp-Related Routes To The Inet.3 Routing Table (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Add or modify settings as specified in Table 153 on page 295. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 327: Configuring Mpls Lsps For Gmpls (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Add or modify settings as specified in Table 154 on page 296. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 328: Configuring Bfd For Mpls Ipv4 Lsps (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Copyright © 2010, Juniper Networks, Inc.
Page 329: Table 155: Oam Configuration Details
LSP, an attempt is made to signal a new LSP path before tearing down the old LSP path. In the Comment box, enter the comment. From the Teardown Timeout list, select the time in seconds. Copyright © 2010, Juniper Networks, Inc.
Page 330: Configuring The Primary Point-To-Multipoint Lsp (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Add or modify settings as specified in Table 156 on page 299. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 331: Configuring Policers For Lsps (Nsm Procedure)
Click Policing next to label-switched-path. In the Comment box, enter the comment. From the Filter list, select the name of the policing filter. Select the No Auto Policing check box to disable automatic policing on this LSP. Copyright © 2010, Juniper Networks, Inc.
Page 332: Configuring Primary Paths For An Lsp (Nsm Procedure)
From the Hop Limit list, select the maximum number of hops. Range: 2 through 255 (for an LSP); 0 through 255 (for fast reroute) Select the No Cspf check box to disable constrained-path LSP computation. Copyright © 2010, Juniper Networks, Inc.
Page 333 In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Copyright © 2010, Juniper Networks, Inc.
Page 334: Table 159: Administrative Group Configuration Details
Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Add or modify settings as specified in Table 160 on page 303. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 335: Table 160: Bandwidth Configuration Details
Click Add new entry next to Primary. Click Oam next to primary. In the Comment box, enter the comment. From the Lsp Ping Interval list, select the duration of the LSP ping interval in seconds. Copyright © 2010, Juniper Networks, Inc.
Page 336 BFD session. Range: 1 through 255,000 milliseconds From the Threshold list, select the threshold for detecting the adaptation of the transmit interval. Range: 0 through 4,294,967,295 milliseconds Copyright © 2010, Juniper Networks, Inc.
Page 337: Configuring Secondary Paths For An Lsp (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Copyright © 2010, Juniper Networks, Inc.
Page 338: Table 162: Secondary Paths Configuration Details
Range: 2 through 255 (for an LSP); 0 through 255 (for fast reroute) Default: 255 (for an LSP); 6 (for fast reroute) Select the No Cspf check box to disable constrained-path LSP computation. Copyright © 2010, Juniper Networks, Inc.
Page 339 In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Copyright © 2010, Juniper Networks, Inc.
Page 340: Table 163: Administrative Group Configuration Details
Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Add or modify settings as specified in Table 164 on page 309. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 341: Table 164: Bandwidth Configuration Details
Click Add new entry next to Secondary. Click Oam next to secondary. In the Comment box, enter the comment. From the Lsp Ping Interval list, select the duration of the LSP ping interval in seconds. Copyright © 2010, Juniper Networks, Inc.
Page 343 Click the Configuration tab. In the configuration tree, expand Protocols > Mpls. Select Label Switched Path. Add or modify settings as specified in Table 166 on page 312. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 344: Table 166: Egress Router Address Configuration Details
(KB), megabytes (MB), or gigabytes (GB). From the Files list, select the maximum number of trace files. Range: 2 through 1000 Select one of the following: world-readable—To enable unrestricted file access. no-world-readable—To restrict file access to owner. Copyright © 2010, Juniper Networks, Inc.
Page 345: Procedure)
Select the Trap Path Down check box to generate SNMP traps whenever an LSP path goes down. Select the Trap Path Up check box to generate SNMP traps whenever an LSP path goes up. Copyright © 2010, Juniper Networks, Inc.
Page 346: Configuring Bfd For Mpls Ipv4 Lsps (Nsm Procedure)
Your Action Enable OAM for Click Oam next to Mpls. RSVP-signaled LSPs. In the Comment box, enter the comment. From the Lsp Ping Interval list, select the duration of the LSP ping interval in seconds. Copyright © 2010, Juniper Networks, Inc.
Page 347 BFD session. Range: 1 to 255,000 milliseconds From the Threshold list, select the threshold for detecting the adaptation of the transmit interval. Range: 0 to 4,294,967,295 Copyright © 2010, Juniper Networks, Inc.
Page 348: Configuring Named Paths (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Mpls. Add or modify settings as specified in Table 170 on page 317. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 349: Configuring Mtu Signaling In Rsvps (Nsm Procedure)
Select the Enable Feature check box to enable the option. packet fragmentation and In the Comment box, enter the comment. MTU signaling. Select the Allow Fragmentation check box to allow IP packets to be fragmented before they are encapsulated in MPLS. Copyright © 2010, Juniper Networks, Inc.
Page 350: Configuring Static Lsps On The Ingress Router (Nsm Procedure)
In the Name box, enter the name of the routing table. In the Comment box, enter the comment. In the Next Hop box, enter the IP address of the next hop to the destination. Copyright © 2010, Juniper Networks, Inc.
Page 351: Configuring Mpls Statistics (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Mpls. Add or modify settings as specified in Table 173 on page 320. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 352: Tracing Mpls Packets And Operations (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Mpls. Add or modify settings as specified in Table 174 on page 321. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 353: Configuring Msdp Protocol (Nsm Procedure)
You can enable multicast source discovery protocol (MSDP) on the router using the MSDP option. To enable MSDP on the router in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Copyright © 2010, Juniper Networks, Inc.
Page 354: Configuring The Msdp Active Source Limit (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Msdp. Add or modify settings as specified in Table 176 on page 323. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 355: Configuring Export Policy (Nsm Procedure)
Click Remove after selecting a policy from the Members list to remove it from the Members list. Click Add All to add all the Non members to the Members list. Click Remove All to remove all the members from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 356: Configuring Msdp Peer Group
Click Remove after selecting a policy from the Members list to remove it from the Members list. Click Add All to add all the Non members to the Members list. Click Remove All to remove all the members from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 357: Configuring Msdp Peers (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Msdp. Add or modify settings as specified in Table 179 on page 326. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 358: Table 179: Msdp Peer Configuration Details
Click Remove after selecting a policy from the Members list to remove it from the Members list. Click Add All to add all the Non members to the Members list. Click Remove All to remove all the members from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 359: Configuring A Routing Table Group With Msdp (Nsm Procedure)
Your Action Associate a routing table Click Rib Group next to Msdp. group with MSDP. In the Comment box, enter the comment. In the Ribgroup Name box, enter the name of the routing table group. Copyright © 2010, Juniper Networks, Inc.
Page 360: Configuring Per-Source Active Source Limit (Nsm Procedure)
To configure traceoptions in NSM: In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Copyright © 2010, Juniper Networks, Inc.
Page 361: Configuring Mstp (Nsm Procedure)
In the navigation tree, select Device Manager > Devices. In Device Manager, select the device for which you want to configure a port mirror analyzer. In the Configuration tree, expand Protocols > MSTP. Add/modify MSTP settings as specified in Table 183 on page 330. Copyright © 2010, Juniper Networks, Inc.
Page 362: Table 183: Mstp Configuration Fields
Bridge Priority Specifies the bridge priority. Enter a value. Bpdu Block on Edge Specifies whether Bpdu blocks must be Select to enable the feature. processed. Copyright © 2010, Juniper Networks, Inc.
Page 363: Configuring Ospf (Nsm Procedure)
Devices Click the tab. Configuration In the configuration tree, expand and select Protocols OSPF Add/Modify the parameters under the respective tabs as specified in Table 184 on page 332. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 364: Table 184: Ospf Configuration Fields
You can update multiple devices at one time. See Updating Devices for more information. Table 184: OSPF Configuration Fields Option Function Your Action OSPF Copyright © 2010, Juniper Networks, Inc.
Page 365 Specify whether NSSA ABR has to be configured. To enable NSSA ABR, clear the check box. To disable NSSA ABR, select the check the check box. Area Enables you to set up the area details for OSPF. Copyright © 2010, Juniper Networks, Inc.
Page 367: Configuring Rip (Nsm Procedure)
NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See Updating Devices for more information. Copyright © 2010, Juniper Networks, Inc.
Page 368: Table 185: Rip Configuration Fields
Set up the Bfd Liveness Detection , Export, Import and Neighbor for RIP. Import Enables you to specify the import Expand the tree and select policies to be configured on the peer. Import Specify the import policies. Copyright © 2010, Juniper Networks, Inc.
Page 369: Configuring Ripng Protocol (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Ripng. Add or modify settings as specified in Table 186 on page 338. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 370: Configuring Graceful Restart For Ripng (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Ripng. Add or modify settings as specified in Table 187 on page 339. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 371: Configuring Group
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Ripng. Add or modify settings as specified in Table 188 on page 340. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 372: Table 188: Group Configuration Details
Click Remove after selecting a policy from the Members list to remove it from the Members list. Click Add All to add all the Non members to the Members list. Click Remove All to remove all the members from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 373: Applying Policies To Routes Exported By Ripng (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Ripng. Copyright © 2010, Juniper Networks, Inc.
Page 374: Configuring Ripng Neighbor Properties
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Ripng. Add or modify settings as specified in Table 191 on page 343. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 375: Table 191: Neighbor Properties Configuration Details
Click Remove after selecting a policy from the Members list to remove it from the Members list. Click Add All to add all the Non members to the Members list. Click Remove All to remove all the members from the Members list. Copyright © 2010, Juniper Networks, Inc.
Page 376: Table 193: Receive Message Update Configuration Details
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Ripng. Add or modify settings as specified in Table 194 on page 345. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 377: Enable Or Disable Receiving Of Update Messages (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Ripng. Add or modify settings as specified in Table 196 on page 346. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 378: Configuring Ripng Traceoptions (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Ripng. Add or modify settings as specified in Table 197 on page 347. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 379: Configuring Router Advertisement (Nsm Procedure)
Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select Router Advertisement. Add or modify settings as specified in Table 198 on page 348. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 380: Table 198: Router Advertisement Configuration Details
From the Current Hop Limit list, select the hop limit. Range: 0 through 255 Default: 6 From the Default Lifetime list, select the default lifetime. Range: Maximum advertisement interval value through 9000 seconds Default: Three times the maximum advertisement interval value Copyright © 2010, Juniper Networks, Inc.
Page 381 Click Flag next to Traceoptions. Click Add new entry next to Flag. From the Name list, select the flag to perform the trace operation. In the Comment box, enter the comment for the flag. Copyright © 2010, Juniper Networks, Inc.
Page 382: Configuring Icmp Router Discovery (Nsm Procedure)
From the Priority list, select the preference of the addresses for becoming the default router. Range: 0 through 0x80000000 Default: 0 (This address has the least chance of becoming the default router.) Copyright © 2010, Juniper Networks, Inc.
Page 383: Configuring Rsvp (Nsm Procedure)
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Protocols. Select RSVP. Copyright © 2010, Juniper Networks, Inc.
Page 384: Table 200: Rsvp Configuration Details
In the Comment box, enter the comment for the fast reroute. From the Optimize Timer list, select the number of seconds between fast reroute detour Label-Switched Paths (LSP). Range: 0 through 65,535 seconds Default: 0 (disabled) Copyright © 2010, Juniper Networks, Inc.
Page 385 In the Bandwidth box, enter the bandwidth in bits per second. From the Update Threshold list, select the percentage change in bandwidth to trigger an Interior Gateway Protocol (IGP) update. Range: 1 through 60 seconds Default: 9 seconds Copyright © 2010, Juniper Networks, Inc.
Page 386 From the Reservation Priority list, select the reservation priority. Range: 0 through 7, where 0 is the highest and 7 is the lowest priority. Default: 0 (Once the session is set up, no other session can preempt it.) Copyright © 2010, Juniper Networks, Inc.
Page 387 Select one of the following: loose—If the LSP can traverse other routers before reaching this router. strict—If the LSP must go to the next address specified in the path statement without traversing other nodes. Copyright © 2010, Juniper Networks, Inc.
Page 388 From the Hello Interval list, select the length of time between hello packets. A value of 0 disables the sending of hello packets on the interface. Range: 1 through 60 seconds Default: 9 seconds Copyright © 2010, Juniper Networks, Inc.
Page 389 RSVP traffic. Range: 0 to 8 devices Related Topics Configuring the ILMI Protocol (NSM Procedure) on page 255 Configuring Link Management Protocol (NSM Procedure) on page 275 Copyright © 2010, Juniper Networks, Inc.
Page 390: Configuring Vrrp (Nsm Procedure)
You can update multiple devices at one time. See Updating Devices for more information. Table 201: VRRP Configuration Fields Field Function Your Action VRRP Comment Specifies comment for VRRP. Expand the tree and select Protocol VRRP Enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 391: Configuring Vstp (Nsm Procedure)
NOTE: After you make changes to a device configuration, you must push that updated device configuration to the physical security device for those changes to take effect. You can update multiple devices at one time. See Updating Devices for more information. Copyright © 2010, Juniper Networks, Inc.
Page 392: Table 202: Vstp Configuration Fields
Traceoptions Enables you to configure VSTP level Expand the tree. Protocol tracing options. Select and expand the tree. VSTP Select Traceoptions Set up the file and flag parameters. Copyright © 2010, Juniper Networks, Inc.
Page 393: Configuring Routing Options
Configuring Routing Table Groups (NSM Procedure) on page 383 Configuring Source Routing (NSM Procedure) on page 384 Configuring Static Routes (NSM Procedure) on page 385 Configuring Topologies (NSM Procedure) on page 386 Configuring Traceoptions (NSM Procedure) on page 387 Copyright © 2010, Juniper Networks, Inc.
Page 394: Configuring Confederation (Nsm Procedure)
Network and Security Manager Administration Guide for more information. Table 203: Confederation Fields Option Function Your Action Comment Specifies the comment for the Enter a comment. confederation. Confederation As Specifies the confederation AS number. Enter a number from 1 through 65535. Copyright © 2010, Juniper Networks, Inc.
Page 395: Configuring Dynamic Tunnels (Nsm Procedure)
The only valid value is gre (for GRE tunnels). Click Destination Networks next to dynamic-tunnel. Click Add new entry next to Destination Networks. In the Name box, enter the prefix name. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 396: Configuring Fate Sharing (Nsm Procedure)
All objects are treated as /32 host addresses. You can specify one or more objects within a group. The objects can be LAN interfaces, device IDs, or point-to-point links. To configure fate sharing in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 397: Table 205: Fate Sharing Fields
Edit button. the cost, the less likely a backup path will share any objects in the group with Enter the cost or select a value from the primary path. the list. Copyright © 2010, Juniper Networks, Inc.
Page 398: Configuring Flow Route (Nsm Procedure)
You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 399: Table 206: Flow Route Fields
Expand the tree and select Flow procedure. Flow routes are installed into Validation the flow routing table only if they have Enter the comment for the been validated using the validation validation procedure. procedure. Copyright © 2010, Juniper Networks, Inc.
Page 400: Configuring Forwarding Table (Nsm Procedure)
Option Function Your Action Comment Specifies the comment for the Enter a comment. forwarding table. None Specifies that no next- hop parameter Select the option button. is to be added to the forwarding table. Copyright © 2010, Juniper Networks, Inc.
Page 401: Configuring Generated Routes (Nsm Procedure)
To configure generated routes in NSM: In the navigation tree, select Device Manager > Devices In the list, double click the device to select it. Devices Click the tab. Configuration Copyright © 2010, Juniper Networks, Inc.
Page 402: Configuring Instance Export (Nsm Procedure)
To configure an instance export policy in NSM: In the navigation tree, select Device Manager > Devices In the Devices list, double click the device to select it. Click the tab. Configuration In the configuration tree, expand Routing Options Copyright © 2010, Juniper Networks, Inc.
Page 403: Configuring Instance Import (Nsm Procedure)
You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 404: Configuring Interface Routes (Nsm Procedure)
Interface Routes IPv6. and select Family Click the New button or select a family name and click the Edit button. Enter the family name and comment. Set up the export policy and import policy. Copyright © 2010, Juniper Networks, Inc.
Page 405: Configuring Martian Addresses (Nsm Procedure)
Specifies the martian address or the Click the New button or select a destination prefix of a series of martian martian address and click the Edit addresses that are to be allowed or button. disallowed. Enter the address. Copyright © 2010, Juniper Networks, Inc.
Page 406: Configuring Maximum Paths (Nsm Procedure)
Devices Click the tab. Configuration In the configuration tree, expand Routing Options Select Maximum Paths Enter the parameters as specified in Table 211 on page 375. Click one: OK—To save the changes. Copyright © 2010, Juniper Networks, Inc.
Page 407: Configuring Maximum Prefixes (Nsm Procedure)
. To configure maximum prefixes limit in NSM: In the navigation tree, select Device Manager > Devices In the Devices list, double-click the device to select it. Click the tab. Configuration Copyright © 2010, Juniper Networks, Inc.
Page 409: Configuring Multicast (Nsm Procedure)
Click the New button or select a point-to-multipoint (P2MP) group and click the Edit button. label-switched paths (LSPs) are used for multicast distribution. Configure the PE group name, local address, and backup address. Copyright © 2010, Juniper Networks, Inc.
Page 410 A new entry is created as soon as the number of multicast forwarding cache entries falls below the suppression value. You can also specify a timeout value for all multicast forwarding cache entries. Copyright © 2010, Juniper Networks, Inc.
Page 411 To Specify the address range of the deploy SSM successfully, you need an SSM group. end-to-end multicast-enabled network and applications that use an Internet Group Management Protocol version 3 (IGMPv3). Copyright © 2010, Juniper Networks, Inc.
Page 412: Configuring Options (Nsm Procedure)
You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 413: Configuring Routing Tables (Nsm Procedure)
You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 414: Table 215: Rib Fields
Threshold Maximum Prefixes Enables you to configure a limit for the Expand the tree and select number of routes installed in a routing Maximum Prefixes table. Set up the Maximum Prefixes Threshold Copyright © 2010, Juniper Networks, Inc.
Page 415: Configuring Routing Table Groups (Nsm Procedure)
You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 416: Configuring Source Routing (Nsm Procedure)
IP packet to take on its way to its destination. To configure source routing in NSM: In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Copyright © 2010, Juniper Networks, Inc.
Page 417: Configuring Static Routes (Nsm Procedure)
To configure static routes for a routing table group in NSM: In the navigation tree, select Device Manager > Devices In the list, double-click the device to select it. Devices Click the tab. Configuration Copyright © 2010, Juniper Networks, Inc.
Page 418: Configuring Topologies (Nsm Procedure)
You can also enable a topology for IPv4 multicast traffic. Each topology that you configure creates a new routing table and populates it with direct routes from the topology. To configure topologies in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 419: Configuring Traceoptions (Nsm Procedure)
Devices Click the Configuration tab. In the configuration tree, expand Routing Options Select Traceoptions Add or modify the parameters as specified in Table 220 on page 388. Click one: OK—To save the changes. Copyright © 2010, Juniper Networks, Inc.
Page 420: Table 220: Traceoption Fields
File Enter the file parameters. Flag Specifies the global routing protocol Expand the tree and Traceoptions tracing options to be performed. You can select File specify more than one option. Enter the flag parameters. Copyright © 2010, Juniper Networks, Inc.
Page 421: Configuring Security
Click the Configuration tab. In the configuration tree, expand Security. Select Authentication Key Chains. Add or modify settings as specified in Table 221 on page 390. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 422: Table 221: Security Authentication Key Configuration Details
In the Comment box, enter the comment. In the Secret box, enter the secret for the key in encrypted text. In the Start Time box, enter the start time in UTC (Coordinated Universal Time). Copyright © 2010, Juniper Networks, Inc.
Page 423: Configuring Services
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services. Select Adaptive Services. Add or modify the settings as specified in Table 222 on page 392. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 424: Configuring Border Signaling Gateways (Nsm Procedure)
Configuring Gateway (NSM Procedure) on page 393 Configuring an Admission Controller (NSM Procedure) on page 393 Configuring Session Policy Decision Function (NSM Procedure) on page 394 Configuring Service Point (NSM Procedure) on page 396 Copyright © 2010, Juniper Networks, Inc.
Page 425: Configuring Gateway (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Services > Border Signaling Gateway. Select Gateway. Add or modify settings as specified in Table 224 on page 394. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 426: Configuring Session Policy Decision Function (Nsm Procedure)
From the Committed Burst Rate list, select the maximum number of transactions allowed to burst above the committed rate and still be accepted. Range: 0 through 3000 Configuring Session Policy Decision Function (NSM Procedure) To configure session policy decision function in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 427: Table 225: Session Policy Decision Configuration Details
Multiservices PIC or DPC. Click Add new entry next to Service Class. In the Name box, enter the identifier for the service class. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 428: Configuring Service Point (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Services > Border Signaling Gateway. Select Gateway. Add or modify settings as specified in Table 226 on page 397. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 429: Configuring Sip Policies And Timers (Nsm Procedure)
Select the corresponding transport protocol. Configuring SIP Policies and Timers (NSM Procedure) See the following topics: Configuring Message Manipulation Rules (NSM Procedure) on page 398 Configuring New Call Usage Policy (NSM Procedure) on page 399 Copyright © 2010, Juniper Networks, Inc.
Page 430: Table 227: Message Manipulate Rules Configuration Details
In the Comment box, enter the comment. In the With box, enter the regular expression that you want to modify followed by the value with which you want to replace the regular expression. Copyright © 2010, Juniper Networks, Inc.
Page 431 Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Services > Border Signaling Gateway. Select Gateway. Add or modify settings as specified in Table 228 on page 400. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 432: Table 228: New Call Usage Policy Configuration Details
Define the new call usage Click Term next to new-call-usage-policy. policy term properties. Click Add new entry next to Term. In the Name box, enter the identifier for the term. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 433 Click Add new entry next to Source Address. 22. In the New source-address window, enter the IP addresses that you want to match. Syntax: To specify more than one IP address, enclose the IP addresses in brackets. Copyright © 2010, Juniper Networks, Inc.
Page 434 Click the Configuration tab. In the configuration tree, expand Services > Border Signaling Gateway. Select Gateway. Add or modify settings as specified in Table 229 on page 403. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 435: Table 229: New Call Usage Policy Set Configuration Details
NOTE: For devices running JUNOS Release 9.5 and later, new transaction policy settings will be available in the device editor only when the policy-management mode is in-device mode. By default, new transaction policy settings can be created only in the Policy Manager and Object Manager. Copyright © 2010, Juniper Networks, Inc.
Page 436: Table 230: Transaction Policy Configuration Details
Click Add new entry next to Source Address. 22. In the New source-address window, enter the IP addresses that you want to match. Syntax: To specify more than one IP address, enclose the IP addresses in brackets. Copyright © 2010, Juniper Networks, Inc.
Page 437 Select the transport protocol for routing to the next hop. request-uri—To route all requests and responses on the dialog according to SIP. Configuring a New Transaction Policy Set (NSM Procedure) To configure a new transaction policy set in NSM: Copyright © 2010, Juniper Networks, Inc.
Page 438: Table 231: Transaction Policy Set Configuration Details
In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the device to select it. Click the Configuration tab. In the configuration tree, expand Services > Border Signaling Gateway. Copyright © 2010, Juniper Networks, Inc.
Page 439: Configuring Traceoptions (Nsm Procedure)
Click the Configuration tab. In the configuration tree, expand Services > Border Signaling Gateway. Select Gateway. Add or modify settings as specified in Table 233 on page 408. Click one: OK—Saves the changes. Cancel—Cancels the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 440: Table 233: Traceoption Bsg Configuration Details
From the Data list, select the trace level for the data subcomponent. From the Handle list, select the trace level for the access API for the database. From the Db list, select the trace level for the wrapper layer around the database. Copyright © 2010, Juniper Networks, Inc.
Page 441 From the Memory Pool list, select the trace level for the framework subcomponent that creates, deletes, and manipulates memory pools and pool managers, and controls the check-in to and check-out from memory pools of memory objects. Copyright © 2010, Juniper Networks, Inc.
Page 442 SBC utilities. From the Memory Pool list, select the trace level for the message component of SBC utilities. From the Memory Pool list, select the trace level for the memory pool component of SBC utilities. Copyright © 2010, Juniper Networks, Inc.
Page 443 CONTACT replacement and removal or modification of certain headers. From the Policy list, select the trace options for the signaling component that applies policies for call admission, routing decisions, security settings, and so on. Copyright © 2010, Juniper Networks, Inc.
Page 444: Configuring Class Of Service (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > CoS. Add or modify the settings as specified in table Table 234 on page 413. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 445: Table 234: Cos Configuration Details
In the Comment box, enter the comment. 22. In the Dscp box, enter the DSCP mapping that is applied to the packets. 23. In the Forwarding Class box, enter the name of the target application. Copyright © 2010, Juniper Networks, Inc.
Page 446 In the Forwarding Class, enter the forwarding class to which packets are assigned From the Application Profile list, select the identifier for the application profile. Select the Syslog check box to enable system logging. Copyright © 2010, Juniper Networks, Inc.
Page 447: Configuring Intrusion Detection Service (Nsm Procedure)
Click the Device tree tab and then double-click the device to select it. In the Configuration tab, expand Services > Ids. Add or modify the settings as specified in Table 235 on page 416. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 448: Table 235: Ids Configuration Details
Applications, Destination Address, Destination Address Range, Destination Prefix List, Source Address, Source Address Range, and Source Prefix List. Define the IDS term actions. Click Then next to term. In the Comment box, enter the comment. Expand Then. Copyright © 2010, Juniper Networks, Inc.
Page 449 Click Logging next to Then. term. In the Comment box, enter the comment. From the Threshold list, select the logging threshold number of events per second. Select the Syslog check box to enable system logging. Copyright © 2010, Juniper Networks, Inc.
Page 450 Expand rule-set. Click Rule next to rule-set. Click Add new entry next to Rule. In the Name box, enter the rule the router uses when applying this service. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 451: Tracing Services Pic Operations (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services. Select Logging. Add or modify the settings as specified in Table 236 on page 420. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 452: Configuring Network Address Translation (Nsm Procedure)
In the navigation tree select Device Manager > Devices. In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Nat. Add or modify the settings as specified in Table 237 on page 422. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 454: Table 237: Nat Configuration Details
In the Low box, enter the lower boundary for the IPv4 or IPv6 address range. In the High box, enter the upper boundary for the IPv4 or IPv6 address range. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 455 In the Comment box, enter the comment. Expand Port. Click Automatic next to Port. Select one of the following: automatic—To configure Router-assigned port. range—To specify a range with minimum and maximum values. Range: 0 through 65535 Copyright © 2010, Juniper Networks, Inc.
Page 456 Select the Syslog check box to enable system logging. 20. Click No Translation next to Then. Select one of the following: no-translation—To specify that traffic is not to be translated. translated—To define properties for translated traffic. Copyright © 2010, Juniper Networks, Inc.
Page 457: Configuring Pgcp (Nsm Procedure)
Configuring a Rule (NSM Procedure) on page 451 Configuring Rule Set (NSM Procedure) on page 452 Configuring Session Mirroring (NSM Procedure) on page 452 Configuring Traceoptions (NSM Procedure) on page 453 Configuring Virtual Interface (NSM Procedure) on page 454 Copyright © 2010, Juniper Networks, Inc.
Page 458: Configuring Gateway (Nsm Procedure)
From the Service State list, select the service state of the virtual BGF. From the Max Concurrent Calls list, select the Maximum number of concurrent calls on the virtual BGF. Range: 0 through 10,000 Copyright © 2010, Juniper Networks, Inc.
Page 459: Configuring Data Inactivity Detection (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 239 on page 428. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 460: Configuring Gateway Controller (Nsm Procedure)
(BSG). To configure gateway controller in NSM: In the navigation tree select Device Manager > Devices. In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Copyright © 2010, Juniper Networks, Inc.
Page 461: Configuring Graceful Restart (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 241 on page 430. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 462: Configuring H248 Options Properties (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 242 on page 431. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 463: Changing Encoding Defaults (Nsm Procedure)
See the following topics: Configuring Context Indications (NSM Procedure) on page 432 Configure Control Association Indications (NSM Procedure) on page 432 Configuring Virtual Interface Indications (NSM Procedure) on page 435 Copyright © 2010, Juniper Networks, Inc.
Page 464: Table 244: Context Indication Configuration Details
To configure control associations indications in NSM: In the navigation tree select Device Manager > Devices. In the Devices list, double-click the device to select it. Copyright © 2010, Juniper Networks, Inc.
Page 465 Chapter 23: Configuring Services In the Configuration tab, expand Services. Select Pgcp. Add or modify the settings as specified in Table 245 on page 434. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 466: Table 245: Control Association Configuration Details
From the Graceful list, select the method and reason that the virtual BGF includes in Notification ServiceChange commands that it sends to the gateway controller when the control association transitions from In-Service to Out-of-Service-Graceful. Copyright © 2010, Juniper Networks, Inc.
Page 467 In the Configuration tab, expand Services > Pgcp . Select Gateway. Add or modify the settings as specified in Table 246 on page 436. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 468: Configuring H248 Properties (Nsm Procedure)
You can configure default values for H248 properties using the following options. See the following topics: Configuring Application Data Inactivity Detection (NSM Procedure) on page 437 Configuring Base Root (NSM Procedure) on page 437 Copyright © 2010, Juniper Networks, Inc.
Page 469: Configuring Application Data Inactivity Detection (Nsm Procedure)
You can configure default values for properties in the base root package using the Base Root option: To configure base root package in NSM: In the navigation tree select Device Manager > Devices. In the Devices list, double-click the device to select it. Copyright © 2010, Juniper Networks, Inc.
Page 470 M-series and MX-series Devices In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 248 on page 439. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 471: Table 248: Base Root Package Configuration Details
From the Default list, select the default interval within which property of the base root the gateway controller waits for a response to transactions package. from the virtual BGF. Range: 500 through 29000 milliseconds Copyright © 2010, Juniper Networks, Inc.
Page 472: Configuring Differentiated Services (Nsm Procedure)
From the Default list, select the default values for Differentiated Services Code Point (DSCP) marking that the virtual BGF uses for outgoing traffic when the DSCP value is not already defined by the gateway controller. Copyright © 2010, Juniper Networks, Inc.
Page 473: Configuring Event Timestamp Notification (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 251 on page 442. Click one: Copyright © 2010, Juniper Networks, Inc.
Page 474: Configuring Inactivity Timer (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 252 on page 443. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 475: Configuring Notification Behavior (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 253 on page 444. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 476: Configuring Segmentation (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 254 on page 445. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 477: Configuring Traffic Management (Nsm Procedure)
To configure traffic management in NSM: In the navigation tree select Device Manager > Devices. In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Copyright © 2010, Juniper Networks, Inc.
Page 478: Table 255: Traffic Management Configuration Details
Click Percentage next to Rtcp. Select one of the following: percentage—if the value entered is a percentage of the RTP’s gate rate. fixed-value—if the value entered is a fixed number of bits per second. Range: 0 through 2147483647 Copyright © 2010, Juniper Networks, Inc.
Page 479: Configuring H248 Timers (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 256 on page 448. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 480: Configuring The Monitor (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Gateway. Add or modify the settings as specified in Table 257 on page 449. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 481: Configuring Overload Control (Nsm Procedure)
In the Comment box, enter the comment. From the Queue Limit Percentage list, select the percentage of the overload control work queue in use that triggers creation of an overload notification. Range: 1 through 100 Copyright © 2010, Juniper Networks, Inc.
Page 482: Configuring Session Mirroring (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Media Service. Add or modify the settings as specified in Table 260 on page 451. Click one: OK—To save the changes. Copyright © 2010, Juniper Networks, Inc.
Page 483: Configuring A Rule (Nsm Procedure)
From the Gateway list, select the identifier of the virtual BGF. Expand rule. Click Media Service next to rule. Click Add new entry next to Media Service. In the New media-service window, enter the identifier for the media service name. Copyright © 2010, Juniper Networks, Inc.
Page 484: Configuring Rule Set (Nsm Procedure)
In the Configuration tab, expand Services > Pgcp. Select Session Mirroring. Add or modify the settings as specified in Table 263 on page 453. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 485: Configuring Traceoptions (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Pgcp. Select Traceoptions. Add or modify the settings as specified in Table 264 on page 454. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 486: Configuring Virtual Interface (Nsm Procedure)
In the Configuration tab, expand Services > Pgcp. Select Virtual Interface. Add or modify the settings as specified in Table 265 on page 455. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 487: Configuring Service Interface Pools (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services. Select Service Interface Pools. Add or modify the settings as specified in Table 266 on page 456. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 488: Configuring A Service Set (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services. Select Service Set. Add or modify the settings as specified in Table 267 on page 457. Click one: OK—Save the changes. Cancel—Cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 489: Table 267: Service Set Configuration Details
Define JUNOS SDK service Click Extension Service next to service-set. set. Click Add new entry next to Extension Service. In the Name box, enter the identifier for a provider-specific service. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 490 NAT rule set included in this service set. Click Add new entry. From the Name list, select the rule or rule set name. In the Comment box, enter the comment. Copyright © 2010, Juniper Networks, Inc.
Page 492: Configuring Stateful Firewall (Nsm Procedure)
In the Devices list, double-click the device to select it. In the Configuration tab, expand Services > Stateful Firewall. Add or modify the settings as specified in Table 268 on page 461. Click one: OK—To save the changes. Cancel—To cancel the modifications. Copyright © 2010, Juniper Networks, Inc.
Page 493: Table 268: Stateful Firewall Configuration Details
Select reject to accept the traffic and return a rejection message. Define Ip option. Click Allow Ip Options next to Then. Click Add new entry next to Allow Ip Options. From the dropdown list, select the IP option name. Copyright © 2010, Juniper Networks, Inc.
Page 494 From the Name list, select the identifier for the collection of terms that constitute this rule. In the Comment box, enter the comment. Related Topics Configuring Service Interface Pools (NSM Procedure) on page 455 Configuring a Service Set (NSM Procedure) on page 456 Copyright © 2010, Juniper Networks, Inc.
Page 495: Configuring Snmp
Enter the system location information information. (such as a lab name and a rack name). Contact Specifies the contact information Enter the system contact information for the system. (such as a name and a phone number). Copyright © 2010, Juniper Networks, Inc.
Page 496: Configuring Snmp Communities (Nsm Procedure)
You can update multiple devices at one time. See the Updating Devices section in the Network and Security Manager Administration Guide for more information. Copyright © 2010, Juniper Networks, Inc.
Page 497: Table 270: Configuring Community Fields
To configure the default routing instance on a logical system, specify the logical system name followed by “default.” Comment—Enter a comment for the routing instance. Related Topics Configuring Client Lists (NSM Procedure) Copyright © 2010, Juniper Networks, Inc.
Page 498: Configuring Snmp Trap Groups (Nsm Procedure)
Destination Port Specifies the SNMP trap group port Enter a trap group port number. number. Routing Instance Specifies a routing instance for trap Enter the name of the routing instance. targets. Copyright © 2010, Juniper Networks, Inc.
Page 499: Configuring Snmp Views (Nsm Procedure)
To configure SNMP views in NSM: In the navigation tree, select Device Manager > Devices. In the Devices list, double-click the device to select it. Click the Configuration tab. In the configuration tree, expand SNMP. Select View. Copyright © 2010, Juniper Networks, Inc.
Page 500: Table 272: Configuring Snmp View Fields
MIB objects represented by the specified OID. Related Topics Configuring Basic System Identification for SNMP (NSM Procedure) on page 463 Configuring SNMP Communities (NSM Procedure) on page 464 Configuring SNMP Trap Groups (NSM Procedure) on page 466 Copyright © 2010, Juniper Networks, Inc.
Page 501: Managing M-Series And Mx-Series Devices
Managing M-series and MX-series Devices Managing M-series and MX-series Devices Overview on page 471 Viewing the M-series and MX-series Device Inventory in NSM and the CLI on page 473 Topology Manager on page 479 Copyright © 2010, Juniper Networks, Inc.
Page 503: Managing M-Series And Mx-Series Devices Overview
For more information and steps about updating the device software version, see “Upgrading the Device Software” in the Network and Security Manager Administration Guide. Related Topics Viewing and Reconciling Device Inventory on page 473 Comparing Device Inventory in NSM and the CLI on page 474 Copyright © 2010, Juniper Networks, Inc.
Page 505: Cli
N/A—Either the device is not yet connected and managed by NSM, or the device is a ScreenOS security device or IDP sensor Changes to the device inventory are not automatically updated in the NSM database. Copyright © 2010, Juniper Networks, Inc.
Page 506: Comparing Device Inventory In Nsm And The Cli
Right-click the device whose inventory you want to view. Select View/Reconcile Inventory. The Device Inventory window opens, similar to the example shown in Figure 7 on page 474. Figure 7: The Device Inventory Window Copyright © 2010, Juniper Networks, Inc.
Page 507: Figure 8: Viewing The Hardware Inventory
OS and its version, and any other installed packages. (See Figure 9 on page 475.) Figure 9: Viewing the Software Inventory NOTE: The License tab not supported for M-series or MX-series devices. Copyright © 2010, Juniper Networks, Inc.
Page 508: Viewing Device Inventory From The Cli
M10i device. The row of output showing the midplane is in bold to illustrate that the midplane information in this example is identical to the midplane information in the NSM UI example. Copyright © 2010, Juniper Networks, Inc.
Page 509 M10i device. In this instance, the CLI output provides more information than is provided by the NSM UI. Related Topics Managing M-series and MX-series Device Software Versions on page 471 Viewing and Reconciling Device Inventory on page 473 Copyright © 2010, Juniper Networks, Inc.
Page 511: Topology Manager
NSM user interface (UI) to discover and manage the physical topology of a network of devices connected to a Juniper Networks EX-series switch. These include networking devices such as the J-series, M-series, MX-series, and EX-series, as well as ScreenOS and IDP devices, IP phones, desktops, printers, and servers.
Page 512: About The Nsm Topology Manager Toolbar
The Topology Manager status bar at the bottom of the screen indicates the timestamp of the last completed topology discovery and whether a discovery is in progress. Copyright © 2010, Juniper Networks, Inc.
Page 513 For more information about the Topology Manager, see the Network and Security Manager Administration Guide. Related Topics Overview of the NSM Topology Manager on page 479 Requisites for a Topology Discovery on page 479 Copyright © 2010, Juniper Networks, Inc.
Page 517: Real Time Monitoring Of M-Series And Mx-Series
Related Topics Viewing Device Status on page 486 Viewing Device Monitor Alarm Status on page 488 Setting the Polling Interval For Device Alarm Status on page 489 Copyright © 2010, Juniper Networks, Inc.
Page 518: Viewing Device Status
A device in this state cannot connect to NSM. Update Needed—An update to this device is required. Managed—The device is currently being managed by NSM. Managed, In Sync—The physical device configuration is synced with the modeled configuration in NSM. Copyright © 2010, Juniper Networks, Inc.
Page 519 N/A—The device's alarm is not pollable or discoverable, for example, this column shows "N/A" for ScreenOS and IDP devices. Alarm is colored: Red for Major. Orange for Minor. Green for Ignore, None, Unknown, or N/A. Copyright © 2010, Juniper Networks, Inc.
Page 520: Viewing Device Monitor Alarm Status
To view the Alarm status and time: From Device Monitor, right-click the device row entry and select the View Alarm option. The device Alarm Status dialog box displays the alarm list and polling time for the device. Copyright © 2010, Juniper Networks, Inc.
Page 521: Setting The Polling Interval For Device Alarm Status
The minimum polling interval is 60 seconds. The maximum interval is 2,147,483,647 seconds. You cannot disable polling. Related Topics About the Realtime Monitor on page 485 Viewing Device Status on page 486 Viewing Device Monitor Alarm Status on page 488 Copyright © 2010, Juniper Networks, Inc.
Page 525: Index
CoS drop profiles..............125 aggregated devices, configuring........97 CoS forwarding classes............127 alarm status CoS forwarding policy, configuring.........129 setting polling intervals..........489 CoS fragmentation maps, configuring......130 viewing................488 CoS host outbound traffic, configuring......131 API....................12 CoS interfaces.................132 Copyright © 2010, Juniper Networks, Inc.
Page 526 82, configuring........190 gateway, configuring............393 DHCP agent, configuring............185 generated routes discovery rules................27 configuring..............369 distributed data collection...........13 group specific properties RIPng, configuring.....339 DMI See distributed data collection group, device................27 drop profiles................125 dynamic tunnels, configuring..........363 Copyright © 2010, Juniper Networks, Inc.
Page 527 IP demux, configuring..........213 receive bucket properties, configuring....209 unit properties, configuring........212 tracing operations, configuring.......210 traffic shaping profile, configuring......232 Copyright © 2010, Juniper Networks, Inc.
Page 528 H248 properties, configuring........436 configuring..............328 H248 timers, configuring..........447 routing table group, configuring......327 media service, configuring........450 traceoptions, configuring.........328 monitor, configuring...........448 MSDP peer group, configuring.........324 overload control, configuring........449 MSDP, configuring..............321 rule set, configuring............452 MSTP..................329 Copyright © 2010, Juniper Networks, Inc.
Page 529 Protocols interface routes.............372 MSTP................329 martian addresses............373 maximum paths............374 maximum prefixes............375 RADIUS, configuring..............68 multicast................377 Realtime Monitor Options................380 using.................485 rib..................381 reroute path rib groups................383 automatic bandwidth, configuring.......292 source routing...............384 retain Static Routes..............385 option..................18 Traceoptions..............387 RSVP, configuring..............351 Copyright © 2010, Juniper Networks, Inc.
Page 530 See technical support T640 router, configuring............105 TCP See Transmission Control Protocol technical overview..............3 technical support contacting JTAC............xxx topologies, configuring............386 Traceoptions configuring..............387 Transmission Control Protocol...........13 trap groups configuring..............466 unreachable workflow importing device..............16 views configuring..............467 VRRP..................358 VSTP..................359 Copyright © 2010, Juniper Networks, Inc.

This manual is also suitable for:

Network and security manager 2010.3

Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1 Manual

Chapter 1 Getting Started with NSM

Chapter 2 Understanding the JUNOS CLI and NSM

Chapter 3 Before You Begin Adding M-Series and MX-Series Devices

Chapter 4 Adding M-Series and MX-Series Devices Overview

Chapter 5 Updating M-Series and MX-Series Devices Overview

Chapter 6 Configuring M-Series and MX-Series Devices Overview

Chapter 7 Configuring Access

Chapter 8 Configuring Accounting Options

Chapter 9 Configuring Applications

Chapter 10 Configuring Bridge Domains

Chapter 11 Configuring Chassis

Chapter 12 Configuring Authentication

Chapter 13 Configuring Class of Service Features

Chapter 14 Configuring Event Options

Chapter 15 Configuring Firewall

Chapter 16 Configuring Forwarding Options

Quick Links

Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1

Summary of Contents for Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1